-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Check it here -> http://www1.cs.columbia.edu/~smb/papers/fnat.pdf
This should help clarify why NAT can not be considered a security feature. On Thu, 27 Jan 2005 22:12:19 -0800 Kristian Hermansen <[EMAIL PROTECTED]> wrote: >I have Googled around and asked a highly-respected Professor at my >University whether it is possible to direct packets behind a NAT >router >without the internal 192.168.x.x clients first requesting a >connection >to the specific host outside. The answer I received is "not >possible". >I also asked if this can be thought of as a security feature, to >which >the reply was again "yes". > >Now, I wouldn't place all my bets on his answer and I am calling >on >someone out there to clear up my question. If NAT really does >only >allow inbound connections with a preliminary request as he >suggests, it >seems that the only way to get an "unauthorized" packet behind the >router is by some flaw in the firmware of the device. > >How about if the client has requested a connection to Google.com >from >behind his Linksys home NAT router: would it be possible for an >outside >attacker to spoof packets from Google's IP to get packets into the >network? Or do we need to know the sequence numbers as well? Or >is >there an even more devious way to get packets on the inside >without a >client's initiative? > >Has there been any research into this? Are there statistics on >worm >propagation and exploited network hosts in relation to those >individuals >that did not own routers (and instead connected directly to their >modem)? If *all* home users on the Internet had NAT routers >during the >summer of 2003, would we have significantly slowed the spread of >Blaster? I believe these all to be very important questions and >the >security aspects of the ability to route packets behind NAT really >interests me...maybe some of you can elaborate :-) >-- >Kristian Hermansen <[EMAIL PROTECTED]> -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkH6Z/UACgkQ1kZ6e0Djf6zn3wCgiIb4yUWKP82hge9Oml7Qp75lOR0A oK4bjNPHtARambOFA4IallqA/b8C =Z8vB -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
