Re: NAT Challenge

Forums » Up and Running » Security » Security » El Cheapo Router Challenge


Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

FoxTrot Cartoon on spam... »
« Weird Download Popup

Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB

·Shaw

said by Daniel

:

Can we have you surf and such while we try? I've wanted to do some of this testing for quite a while anyway.

When do you want to do it and do you have a preference as to which NAT device? Would I be surfing to your site, or just surfing in general?

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

permalink · 2005-10-27 15:48:00 · Print ·

Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:

Re: NAT Challenge

said by Link Logger

said by Daniel

:

Can we have you surf and such while we try? I've wanted to do some of this testing for quite a while anyway.

When do you want to do it and do you have a preference as to which NAT device? Would I be surfing to your site, or just surfing in general?

I'm not sure what they paramaters would be, but no, it wouldn't be to a site I own. The idea would be to try and ride back through entries in your NAT table. I'm not saying I could do this, or that it can be done, but I don't see it as impossible.

As for whether or not someone could get packets into a modern SOHO router that doesn't have anything in the NAT table -- that I'd rate as highly unlikely.

But yeah, I think we should explore this for real this time. Many of us here have wanted to for a while now; we should just go ahead and do it. Let's set up a time to meet in #ATU or something.

--
dmiessler.com -- grep understanding knowledge

permalink · 2005-10-27 17:29:19 · Print ·

B Premium,MVM join:2000-10-28	Re: NAT Challenge A variation to a site you own would probably be good too -- the attack could involve an HTML e-mail message with links back to an image at your site -- the image retrieval would alert you to the target's presence (and presumably NAT table state). Stretching the definition of "unsolicited" I realize, but... -- B -- In a realm outside causality and function
	permalink · 2005-10-27 17:33:08 ·

Link Logger Premium,MVM join:2001-03-29 Calgary, AB ·Shaw	That sounds fair. Try scanning the 'El Cheapo NAT Router' and see if you can determine what ports are being used and if that doesn't work I'll tell you what ports are being used so we don't waste too much time on detection and can focus on exploitation. Blake -- Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
	permalink · 2005-10-27 17:35:45 ·

your comment..

Forums » Up and Running » Security » Security	FoxTrot Cartoon on spam... » « Weird Download Popup


Wednesday, 02-Dec 05:29:38	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF