North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

  • From: Nicholas Suan
  • Date: Mon Jun 04 21:12:01 2007
  • Dkim-signature: a=rsa-sha1; c=relaxed/relaxed;; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=e8w1OUoyMRc5W9b9K9WN/jkfqFBUA7jwTdH4gSVNyk++EZJCL102+R2CeR/PPUb+hp2HFyb5LjM5w7ehT66gurpwu6Eib5MKjV5UZP5fKiqo6isIFVIw6xbegFAk8Hd0IGMPRqzn+j+xfbZyHeg+xyQwZrtSz6E4XLl9Q7B2f1c=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=beta; h=received:message-id:date:from:sender:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=LO4pQbW7cFYJr9v014X3YN2SPHCXMNgGpm7oEuMJvuVQZasBsBgyXrFgcqBDh+ffCN+oIc9bG+0DbazHmTDOCsHo9PG6UUd+O/EDtogdaLDnR4BcniuS/7iCk3F4OZ5FPVrj6trFR2SVY1IdhQUtpiSkUKulxwu6H908WXUfDGU=

On 6/4/07, David Schwartz <[email protected]> wrote:

I can give you the root password to a Linux machine running telnetd and sshd. If it's behind NAT/PAT, you will not get into it. Period.

Just because it's behind NAT, does not mean it's unreahcable from the internet:

Fenrir:~% telnet
    [1028] 19:57:17
Connected to
Escape character is '^]'.
Last login: Sat Jun  2 14:26:58 2007 from on pts/0
Linux nira 2.6.18-1-486 #1 Sat Oct 21 16:34:06 UTC 2006 i686 GNU/Linux

You have mail.
Last was Mon 04 Jun 2007 06:57:37 PM CDT on pts/8.

nira:~$ /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:20:78:03:F6:B0
         inet addr:  Bcast:  Mask:

And no, that's not misconfigured.