[Full-Disclosure] Re: NAT router inbound network traffic subversion
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Re: NAT router inbound network traffic subversion
- From: "raize" <raize@xxxxxxxxxxx>
- Date: Fri, 28 Jan 2005 17:52:29 +0000
>Can anyone prove me wrong? Can someone push a rogue packet behind a router
>with no client interaction???
I don't claim to be an expert on this, and I'm actually kind of surprised no
one has mentioned this yet to you but yes, it is always possible. There is such
a thing as "idlescanning" that does something kind of like this. It works very
well on NAT routers to expand the inhabitants on the other side. The players
are A, Z, and T; attacker, zombie, and target, respectively. There's a chart on
the nmap page about it.
http://www.insecure.org/nmap/idlescan.html
hping is another tool that might work to accomplish what you are describing.
The complication here is that you cannot simply craft packets to arbitrarily
send to those on the other side of a NAT router. But you can determine how many
clients are behind a NAT and spoof packets from them to the router and the
router will craft packets in response. If you could get the router to respond a
particular way, you could possibly use that to your advantage in a DoS or other
malicious way. But the applications that would be susceptible to this must have
been coded very poorly. Still, supposing a personal firewall automatically
blocks an IP if it sends a flood of requests, you could use this to make the
firewall block its own router. This would result in a DoS for the user running
the firewall, and it didn't involve any interaction on their part.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
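
The self-inflicted DoS described in the message above (a flood-triggered auto-block that ends up blocking the router), shown from the defender's side as an added example that is not part of the original post: a sliding-window blocker run with and without a protected-address list. The class name, threshold, window, gateway address 192.168.1.1 and the sample packets are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class AutoBlocker:
    """Sliding-window flood detector that refuses to block protected addresses."""

    def __init__(self, threshold, window, protected=()):
        self.threshold = threshold      # packets tolerated per window
        self.window = window            # window length in seconds
        self.protected = [ipaddress.ip_network(p) for p in protected]
        self.seen = defaultdict(deque)  # source -> recent packet timestamps
        self.blocked = set()
        self.alerts = []                # floods attributed to protected sources

    def _is_protected(self, addr):
        return any(addr in net for net in self.protected)

    def observe(self, ts, src):
        """Record one inbound packet; return 'pass', 'block' or 'alert'."""
        addr = ipaddress.ip_address(src)
        if addr in self.blocked:
            return "block"
        q = self.seen[addr]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                 # drop timestamps older than the window
        if len(q) <= self.threshold:
            return "pass"
        if self._is_protected(addr):
            # The source may be spoofed or router-generated: log it, never block.
            self.alerts.append((ts, src))
            return "alert"
        self.blocked.add(addr)
        return "block"

# Constructed sample: 20 packets that appear to come from the assumed gateway,
# then 20 packets from an unrelated outside address (documentation range).
SAMPLE = [(i * 0.1, "192.168.1.1") for i in range(20)] + \
         [(3 + i * 0.1, "203.0.113.7") for i in range(20)]

def run(protected):
    fw = AutoBlocker(threshold=5, window=1.0, protected=protected)
    for ts, src in SAMPLE:
        fw.observe(ts, src)
    return sorted(str(a) for a in fw.blocked), len(fw.alerts)

if __name__ == "__main__":
    print("naive:   ", run(protected=[]))
    print("hardened:", run(protected=["192.168.1.1/32"]))
```

Without the protected list the gateway lands in the block set and the host cuts itself off; with it, the same traffic only raises alerts while the outside address is still blocked.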