North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
- From: Nicholas Suan
- Date: Mon Jun 04 21:12:01 2007
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=e8w1OUoyMRc5W9b9K9WN/jkfqFBUA7jwTdH4gSVNyk++EZJCL102+R2CeR/PPUb+hp2HFyb5LjM5w7ehT66gurpwu6Eib5MKjV5UZP5fKiqo6isIFVIw6xbegFAk8Hd0IGMPRqzn+j+xfbZyHeg+xyQwZrtSz6E4XLl9Q7B2f1c=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=LO4pQbW7cFYJr9v014X3YN2SPHCXMNgGpm7oEuMJvuVQZasBsBgyXrFgcqBDh+ffCN+oIc9bG+0DbazHmTDOCsHo9PG6UUd+O/EDtogdaLDnR4BcniuS/7iCk3F4OZ5FPVrj6trFR2SVY1IdhQUtpiSkUKulxwu6H908WXUfDGU=
On 6/4/07, David Schwartz <[email protected]> wrote:
I can give you the root password to a Linux machine running telnetd and
sshd. If it's behind NAT/PAT, you will not get into it. Period.
Just because it's behind NAT, does not mean it's unreahcable from the internet:
Fenrir:~% telnet ipv4.nonexiste.net
[1028] 19:57:17
Trying 68.90.179.13...
Connected to ipv4.nonexiste.net.
Escape character is '^]'.
Password:
Last login: Sat Jun 2 14:26:58 2007 from inuyasha.nonexiste.net on pts/0
Linux nira 2.6.18-1-486 #1 Sat Oct 21 16:34:06 UTC 2006 i686 GNU/Linux
You have mail.
Last was Mon 04 Jun 2007 06:57:37 PM CDT on pts/8.
nira:~$ /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:20:78:03:F6:B0
inet addr:172.16.16.8 Bcast:172.16.16.255 Mask:255.255.255.0
And no, that's not misconfigured.
|