Mailinglist Archive: opensuse-security (220 mails)

Re: [suse-security] Penetration test and NAT/PAT
  • From: dim owner <rtpc@xxxxxxxxxxx>
  • Date: Wed, 12 Nov 2003 15:26:37 -0500
  • Message-id: <200311121526.37638.rtpc@xxxxxxxxxxx>
On Wednesday 12 November 2003 05:20, Barry Gill wrote:
> Hello All,
>
> I want to run Nessus against my corporate gateway to see what threats we
> face from the outside world. The router that we have connecting us to the
> internet is a Cisco 805 running PAT.
>
> Is there a way to run nessus that it can be set to target the internal IPs
> (10.0.0.0) through the external IP of the router that anyone knows of? Or
> is there a tool that will do this for us?
>
> Please advise, thanks.
>
> Barry

Barry, you might want to look at snot. But maybe not.

If you have a NAT running, it only caches opened _connections_ between the
external network and the internal network (i.e., an internal computer has an IP
assigned to a connection opened from a port number, at the NAT; only traffic
on that connection should go through, unless you've assigned an external IP
or port to the internal machine). At least, that's my understanding.

It is possible to fool the intelligence in a NAT by spoofing a redirect on a
current connection... that's something you could try to do with snot, I think.

Another common situation is sending improper IP sequences to random IPs and
ports on the external interface; it may get lucky and get through to an
actual machine internally -- I'd really appreciate it if someone more
knowledgeable could talk about stealth syns, resets, and the like that manage
to get through a NAT.

For that, nmap is probably the best tool.


--r
dorothy@oz:~> ls
scarecrow tinman lion
dorothy@oz:~> find . -name home
There's no place like home.
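The NAT behaviour the reply above describes (the router only translates return traffic for connections an inside host opened, plus whatever external port you have statically assigned to an internal machine) can be made concrete with a toy PAT translation table. This is an added example, not code from the thread or from any Cisco product; the addresses, the endpoint-restricted matching rule (only the peer the inside host contacted may use a mapping) and the port 80 static forward are assumptions chosen for illustration. It shows why an external scanner aimed at the gateway's public IP sees only the statically forwarded ports, not the 10.0.0.0 hosts behind it.

```python
"""Toy PAT (port address translation) table.

Constructed example: it models the translation rules in the mailing-list
reply, not the behaviour of any real router software.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed public address of the gateway (RFC 5737 documentation range).
EXTERNAL_IP = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class PatRouter:
    external_ip: str
    # Static forwards: external port -> (internal ip, internal port).
    static_forwards: dict = field(default_factory=dict)
    # Dynamic entries created by outbound connections:
    # external port -> (internal ip, internal port, remote ip, remote port).
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """An inside host opens a connection: allocate an external port,
        remember who it is talking to, and rewrite the source address."""
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arrives on the external interface. Return the packet as it
        would be delivered inside, or None if the router drops it."""
        if pkt.dst_ip != self.external_ip:
            return None
        # A statically assigned port is always reachable from outside.
        if pkt.dst_port in self.static_forwards:
            in_ip, in_port = self.static_forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None  # no inside host opened anything on this port
        in_ip, in_port, remote_ip, remote_port = entry
        # Assumed endpoint-restricted rule: only the peer the inside host
        # contacted may send traffic back through this mapping.
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)


def demo():
    """Walk through the cases discussed in the thread; returns the outcomes."""
    router = PatRouter(EXTERNAL_IP, static_forwards={80: ("10.0.0.5", 80)})
    scanner = "198.51.100.7"
    # 1. Unsolicited probe of a port that is neither forwarded nor mapped: dropped.
    probe = router.inbound(Packet(scanner, 55555, EXTERNAL_IP, 445))
    # 2. An inside host opens an outbound connection to the scanner's address.
    out = router.outbound(Packet("10.0.0.23", 51000, scanner, 443))
    # 3. The reply from that same peer is translated back to the inside host.
    reply = router.inbound(Packet(scanner, 443, EXTERNAL_IP, out.src_port))
    # 4. A different external party trying the same mapped port is refused.
    third_party = router.inbound(Packet("192.0.2.99", 443, EXTERNAL_IP, out.src_port))
    # 5. The statically forwarded port is the only inside service a scan reaches.
    forwarded = router.inbound(Packet(scanner, 55555, EXTERNAL_IP, 80))
    return probe, out, reply, third_party, forwarded


if __name__ == "__main__":
    for label, result in zip(("probe", "outbound", "reply", "third_party", "forwarded"), demo()):
        print(f"{label:12} -> {result}")
```

Run as a script to see each packet's fate; the practical reading for the original question is that a scan of the gateway's public address only reveals the static forwards (case 5), so the internal hosts need to be scanned from inside the 10.0.0.0 network.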
