Penetration Testing mailing list archives
Re: [PEN-TEST] Non-routable IP weaknesses?
From: M Schubert <schubert () fsck org>
Date: Wed, 20 Dec 2000 08:57:22 -0800
On Tuesday 19 December 2000 21:20, you wrote:
> Anyone know of anything "interesting" that one could do once one had determined that a customer, protected by a NAT based device, had specific non-routable IPs active (e.g. 10.x.x.x, 172.16-31.x.x and 192.168.x.x addresses)

Obvious question... are there any remote management services running on that NAT device? (telnet, ssh, pcAnywhere, IP Magic) Is there a firewall running in front or alongside of the NAT device? If so, are there any vulnerabilities that you could use to make the firewall fail open? (easier said than done I suppose...).

You could also see if there are any trust relationships in place between the NAT device or internal clients with a box on the service network (assuming there is a service network) and exploit it. Oh and there's always the social engineering aspect of the situation... (emailing a trojan to an employee who resides on the internal client network).

Usually the security found in having internal clients protected by the inherent feature of NAT to provide non-routable IPs is defeated by an improperly secured NAT device or trust relationships with external hosts (DMZ / service network, co-located servers or even employees' home machines).

--
-- M. Schubert - mschuber () uci edu
-- Security Specialist - michaels () lightspeedsystems com
-- Sys Admin - schubert () fsck org