Re: bypassing firewalls with NAT

From: Chris Brenton (cbrenton@chrisbrenton.org)
Date: Sat Oct 15 2005 - 18:28:53 EDT


On Sat, 2005-10-15 at 09:38 +0100, hannibal blog wrote:
>
> I'm wondering how can we pass through a firewall that is using Network
> Address Translation for the internal network?

Spend some time reading up on loose source routing (LSR). I've found
that some of the cheap/home NAT based firewalls I've tested (about half
in a study I did 3 years ago) can be traversed by bouncing LSR packets
off of them.

High end firewalls are pretty safe, but some still have issues. For
example I *think* it was Netscreen firewall I ran into problems with
during a pen test. LSR packets trying to bounce off the firewall were
correctly dropped, but LSR packets attempting to bounce off of an
internal host were permitted through. This let me LSR TCP/80 packets off
of an internal Web server and redirect them to TCP/80 used to manage an
internal switch.

> Is firewalk still useful in this case ?

Not really. Firewalk needs access to the final IP in order to produce
accurate data. Of course that begs the question, "Can you firewalk LSR
packets?". hummm..... ;-)

HTH,
Chris
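The bounce described above, as an added example (not code from the original post, and not the behaviour of any named product): it builds an IPv4 packet carrying a Loose Source Route option (RFC 791 option type 131), addressed to an internal web server that is reachable on TCP/80 with a switch management address as the next LSRR hop, and then runs it through two constructed filter policies. `bounce_only_policy` models the weak behaviour the post describes (source-routed packets dropped only when aimed at the firewall itself), `strict_policy` the correct one (any LSRR/SSRR option dropped). `advance_source_route` models what an LSRR-honouring host does with the packet on receipt. All addresses, names and the HTTP payload are constructed for illustration.

```python
"""Loose source routing (IP option 131) as a firewall-traversal check.
Added example; all addresses and both filter policies are constructed."""
import socket
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_LSRR, IPOPT_SSRR = 0, 1, 131, 137

# Constructed addresses (assumed): firewall outside address, the address at which
# the internal web server is reachable, the switch's private management address.
FIREWALL, WEB_SERVER, SWITCH_MGMT, ATTACKER = "198.51.100.1", "198.51.100.10", "10.0.0.2", "203.0.113.5"


def ipv4_checksum(header):
    """Ones-complement sum of 16-bit words; returns 0 over a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def lsrr_option(route, pointer=4):
    """LSRR option: type, length, pointer, route list. The pointer is a 1-based
    byte offset from the option start, so 4 means 'first address'."""
    addrs = b"".join(socket.inet_aton(a) for a in route)
    opt = struct.pack("!BBB", IPOPT_LSRR, 3 + len(addrs), pointer) + addrs
    return opt + b"\x00" * (-len(opt) % 4)      # pad (EOL) to a 32-bit boundary


def build_packet(src, dst, route=None, proto=6, payload=b""):
    """IPv4 packet whose header destination is the bounce host; the LSRR option
    carries the remaining hops. With route=None no option is added."""
    opts = lsrr_option(route) if route else b""
    ihl = 5 + len(opts) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload),
                      0x1234, 0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst)) + opts
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def ip_options(pkt):
    """Walk the option area, yielding (offset, type, data) per option; a malformed
    length raises, which a filter should treat as a drop."""
    ihl = (pkt[0] & 0x0F) * 4
    area, i = pkt[20:ihl], 0
    while i < len(area):
        t = area[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            raise ValueError("malformed IP option")
        yield i, t, area[i + 2:i + area[i + 1]]
        i += area[i + 1]


def source_route(pkt):
    """(type, pointer, [hops]) if the packet carries LSRR or SSRR, else None."""
    for _, t, data in ip_options(pkt):
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            return t, data[0], [socket.inet_ntoa(data[k:k + 4]) for k in range(1, len(data), 4)]
    return None


def header_dst(pkt):
    return socket.inet_ntoa(pkt[16:20])


def valid_checksum(pkt):
    return ipv4_checksum(pkt[:(pkt[0] & 0x0F) * 4]) == 0


def bounce_only_policy(pkt):
    """Weak (constructed) policy: drop source-routed packets only when the bounce
    host is the firewall itself. A bounce off an internal host sails through."""
    return "drop" if source_route(pkt) and header_dst(pkt) == FIREWALL else "pass"


def strict_policy(pkt):
    """Hardened policy: any LSRR/SSRR option is dropped, whatever the header dst."""
    return "drop" if source_route(pkt) else "pass"


def advance_source_route(pkt, my_addr):
    """What an LSRR-honouring host does on receipt (RFC 791): if the route is not
    exhausted, make the next hop the new destination, record its own address in
    that slot, bump the pointer by 4 and fix the checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    hdr = bytearray(pkt[:ihl])
    for off, t, _ in ip_options(pkt):
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            break
    else:
        return pkt
    base = 20 + off
    length, ptr = hdr[base + 1], hdr[base + 2]
    if ptr > length:                        # route exhausted: we are the final dst
        return pkt
    slot = slice(base + ptr - 1, base + ptr + 3)
    next_hop = bytes(hdr[slot])
    hdr[slot] = socket.inet_aton(my_addr)
    hdr[base + 2] = ptr + 4
    hdr[16:20] = next_hop
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


def bypass_scenario():
    """Attacker -> web server (TCP/80, allowed) with the switch as next LSRR hop."""
    pkt = build_packet(ATTACKER, WEB_SERVER, [SWITCH_MGMT], payload=b"GET / HTTP/1.0\r\n\r\n")
    verdicts = (bounce_only_policy(pkt), strict_policy(pkt))
    fwd = advance_source_route(pkt, WEB_SERVER)   # web server honours the option
    return verdicts, header_dst(fwd), source_route(fwd)


if __name__ == "__main__":
    print(bypass_scenario())
```

The forwarded packet leaves the web server addressed to the switch management port with the route exhausted (pointer past the option length), which is exactly what the weak policy never saw. The practical lesson is the strict policy: there is no legitimate reason for source-routed traffic to cross a perimeter, so drop on the option itself rather than on the bounce address, and treat a malformed option length as a drop too.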




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:03 EDT