Penetration Testing mailing list archives
Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions
From: David Pick <D.M.Pick () QMW AC UK>
Date: Wed, 27 Sep 2000 17:11:26 +0100
<snip>
The network has no remote access points (it does not have a VPN or any Dial-Up Servers). It has only a server, router, & firewall. The firewall is doing both NAT and Stateful Packet Inspection (SPI from here on in). There are no rules with the exception of the default (anything going out can go out but nothing can come in unless the firewall has cached or is aware of the potential incoming connection). If the connection comes back in on a different port than the firewall expects (assumes) it will drop the connection. Is there any way to circumvent this firewall (or any firewalls that employ NAT and SPI as their primary defense mechanisms)? Is there any way to get direct access to the server? I have port scanned the router and found listening ports and remote administration software, but I am curious as to how one could circumvent the firewall (if this is done through hijacking the router I would be curious about that also).
Of course:

1) Set up an "attractive" Web site
2) Insert a java-based applet that contacts your Web server but shows nothing in the browser window
3) Use "human engineering" to get your friend to look at the Web site
4) The java applet can establish connections *out* to the Web site and pass any data in any direction it likes
5) In particular, bugs in the JVM may allow nefarious code to run

or:

1) Send a VBS "virus"/worm that establishes an outward connection to a server with more data/code/scripts to execute
2) Your friend opens the message and establishes the outward call...

or:

1) Use "human engineering" to get your friend to load a "security patch" onto his machine which establishes an outward call.
2) Your friend runs the "patch" and makes the outward call...

But it's still a lot stronger than most people and will keep most "script kiddies" out.

--
David Pick
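The two messages above describe the same firewall model from both sides: the original poster's "anything out, nothing in unless it matches a known connection, and a reply on the wrong port is dropped", and the reply's observation that every listed vector works by having something *inside* open the connection, which the default policy happily lets out. The toy model below, added here as an illustration and not code from either poster, implements that state-table behaviour and then adds the mitigation a defender would reach for: an egress allowlist so that the server can only open connections to destinations it is expected to talk to. The `StatefulFirewall` class, the `run_scenario` helper and all addresses (RFC 5737 documentation ranges plus a made-up internal server) are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    """Hypothetical model of the thread's default policy: anything out is allowed and
    creates a state entry; inbound is allowed only if it matches an entry exactly.
    `egress_allowlist` is the added mitigation: when set, outbound flows are only
    allowed to the listed (ip, port) pairs, so an inside-initiated call to an
    unexpected host is dropped at the firewall and logged."""

    def __init__(self, internal_prefix: str,
                 egress_allowlist: Optional[Set[Tuple[str, int]]] = None):
        self.internal_prefix = internal_prefix
        self.egress_allowlist = egress_allowlist
        # state table keyed on (internal ip, internal port, external ip, external port, proto)
        self.state: Set[Tuple[str, int, str, int, str]] = set()
        self.log: List[Tuple[str, Packet]] = []

    def _internal(self, ip: str) -> bool:
        return ip.startswith(self.internal_prefix)

    def filter(self, pkt: Packet) -> str:
        if self._internal(pkt.src_ip) and not self._internal(pkt.dst_ip):
            # outbound: apply the egress allowlist if one is configured
            if (self.egress_allowlist is not None
                    and (pkt.dst_ip, pkt.dst_port) not in self.egress_allowlist):
                self.log.append(("DROP_EGRESS", pkt))
                return "DROP_EGRESS"
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "ALLOW_OUT"
        # inbound: must match a flow the firewall already saw leave, on the same 5-tuple
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if key in self.state:
            return "ALLOW_IN"
        self.log.append(("DROP_INBOUND", pkt))
        return "DROP_INBOUND"


# Constructed addresses for the scenario (not taken from the thread).
SERVER = "10.0.0.5"        # internal server behind the NAT/SPI firewall
WEB = "203.0.113.10"       # external web server the internal host legitimately uses
UNKNOWN = "198.51.100.7"   # external host the server has no business contacting
PROBE = "192.0.2.99"       # external host sending unsolicited inbound traffic


def run_scenario(egress_allowlist: Optional[Set[Tuple[str, int]]] = None) -> Dict[str, str]:
    """Run the same packet sequence through the firewall and return each decision."""
    fw = StatefulFirewall("10.0.0.", egress_allowlist)
    return {
        # 1. unsolicited inbound to the server's SSH port: no state entry, dropped
        "unsolicited_in": fw.filter(Packet(PROBE, 40000, SERVER, 22)),
        # 2. server connects out to the web server; the reply on the same 5-tuple passes
        "browse_out": fw.filter(Packet(SERVER, 51000, WEB, 80)),
        "browse_reply": fw.filter(Packet(WEB, 80, SERVER, 51000)),
        # 3. same peer, but the reply arrives from a different port: no match, dropped
        "reply_wrong_port": fw.filter(Packet(WEB, 81, SERVER, 51000)),
        # 4. an inside-initiated connection to an unexpected host: the default policy
        #    lets it out and then lets the replies in; the allowlist stops it
        "callback_out": fw.filter(Packet(SERVER, 51001, UNKNOWN, 443)),
        "callback_reply": fw.filter(Packet(UNKNOWN, 443, SERVER, 51001)),
    }


if __name__ == "__main__":
    print("default policy  :", run_scenario())
    print("egress allowlist:", run_scenario({(WEB, 80)}))
```

With the default policy the last two decisions come back `ALLOW_OUT` / `ALLOW_IN`, which is exactly why the reply above only lists vectors that start from the inside; with `{(WEB, 80)}` as the allowlist they become `DROP_EGRESS` / `DROP_INBOUND`, and the `DROP_EGRESS` log entry is the kind of event worth alerting on, since the server in the thread is not supposed to browse arbitrary hosts at all.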
Current thread:
- [PEN-TEST] NAT / Stateful Packet Inspection Questions Leon Rosenstein (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Jose Nazario (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions David Pick (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Deri Jones (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Andre Delafontaine (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Dug Song (Sep 27)
- <Possible follow-ups>
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Loschiavo, Dave (Sep 29)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Fred Mobach (Sep 29)