NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2008-09

Re: attack on a computer behind a nat.

fleetscribblersocket.net
Date: Tue Sep 09 2008 - 13:27:22 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael,

I'm unsure of the intended target, but personally, I would start by
looking for remote administration access to whatever device is
performing NAT. Generally speaking, if remote access is enabled, simply
brute-forcing an account is usually sufficient to gain you proximity.
From there, one could port forward to the machine inside - although it
may not have any services running that could be exploited. With access
to the routing device, one could also tamper w/ DNS (depending upon the
users config), setup a bogus DNS server that returns an A record for a
machine under your control, and have at it.

Also, a large number of smaller providers tend to forget about SNMP
when sending out CPE to customers. (I'm referring to DSL customers
mostly, although I've seen this w/ cable customers too). SNMP polling
using the "public" community string tends to give worthy information -
connected devices, uptime, octets xferered/received, possibly connection
tracking information (Don't quote me on that last one though). With
connection tracking information and proximity, you _might_ be able to do
something - I personally wouldn't waste my time on it.

You might also check out
http://www.phrack.com/issues.html?issue=65&id=5 for an idea as to how
NAT handles passive FTP, IRC DCC, SIP, TFTP, etc..

That's a few things off the top of my head... as far as actually
performing the attack - think about your motive for asking the question
in the first place. Whatever your beef is - I'd probably let it go.

-madsara

Michael Kitange wrote:
> hi, list.
> is there any way to send an attack to a computer behind a nat box?
> possibly modify a packet header, i know the ip that the computer is
> using behind the nat. any help is appreciated.
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]