[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Learn from history?

To: Andrew Simmons <andrews@xxxxxxxxxxx>, Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Learn from history?
From: "Serge van Ginderachter (svgn)" <svgn@xxxxxxxx>
Date: Thu, 6 May 2004 21:54:54 +0200

> From: Andrew Simmons 
> > do you have any idea how much small businesses have just a 
> NAT router
> > instead of a real firewall?
> 
> in what way is a nat box *not* a stateful firewall?

First, I don't believe I said they weren't. Depends on which 'box' we're
talking. Some simple SMC or USRobotics router vs. e.g. IPCop etc.

Secondly, that was not the problem I was referring to. The problem with what
I understood by a NAT box, is the fact they generally do not allow outbound
filtering, meaning a hacker who made a first step inside, has all ports open
to backfire command shell, download some hack tools etc.

Simple example: a cracker sends you a mail with an url you should click. The
url is not 'http://server/' but \\server\share, which you might not notice.
With such a simple trick he can have a netbios session and read out a whole
lot of information about your system. Now with outbound filtering that could
be stopped. Which is definitely not possible with a simple NAT box.

Everyone know NETBIOS must be blocked incoming. Now I hope you understand
why it should be blocked outgoing also.


Serge

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Psexec on *NIX
Next by Date: Re: [Full-Disclosure] Psexec on *NIX
Previous by thread: RE: [Full-Disclosure] Learn from history?
Next by thread: RE: [Full-Disclosure] Learn from history?
Index(es):
- Date
- Thread