On Thursday, 6 July 2006 at 11:34 -0700, Alex Pankratov wrote:
> > Yes I've seen it happen behind a NAT too. I've been explained it's a
> > security measure: if this was allowed, an external host could use IP
> > spoofing to simulate traffic between machines on the LAN (while LAN
> > traffic is supposed to be trustable), and then do all kinds of nasty
> > things.
>
> I worked very closely with a number of NAT/policing engines. Having
> thought about your remark for some time now, I can't seem to understand
> how hairpin'ing could possibly contribute to an attack you referred to.

I don't remember the explanation exactly (and I stopped working at the
place where I could ask people again), but I think it must be regarded
in the context of a naïve NAT implementation. If your NAT is full-cone,
for example, hairpinning could open a mapping from the outside to the
inside and allow external traffic to come onto the LAN. Together with
spoofing one could simulate traffic to an internal server.

Perhaps I'm completely wrong or perhaps the person who told it to me was
completely wrong. The guy was supposed to be a security expert though ;-)

What I'm sure about is that I noticed the same behaviour as mentioned at
the beginning of the thread, and it was caused by a basic NAT device
targeted at home users (I don't remember the vendor and model - again, I
don't work where I used to anymore, so it's difficult for me to find the
information). The workaround I explained made it possible to establish
communication between two P2P nodes on the same machine behind the NAT.

Regards

Antoine.

_______________________________________________
p2p-hackers mailing list
http://lists.zooko.com/mailman/listinfo/p2p-hackers
