Re: Just want to keep the crap out!!


comp.security.firewalls archive

From: DigitalVinyl <DigitalVinyl@internet.com>
Date: Sun Mar 26 2006 - 03:06:33 CEST

Sebastian Gottschalk <seppi@seppig.de> wrote:

>Rod Engelsman wrote:
>> Volker Birk wrote:
>>> DigitalVinyl <DigitalVinyl@internet.com> wrote:
>>>> Any soho router will provide the majority of protection through
>>>> hardware NAT. (various irate counter replies I'm sure will follow)
>>> Yes, because NAT is not a security feature, and never was intended for
>>> being one.
>>
>> But it's a nice side-effect.
>
>It *can be* a side-effect, not necessarily reliable. Too many defective
>implementations out there, and actually a full-forwarding 1:1 NAT is not
>even a defect.
>
>> At any
>> given time the only open paths through the router will be a couple of
>> high-numbered ports that don't connect to any services.
>
>Like RPC on 1025-1030? 1433,1434? 5000? So far nothing has been on 3124 and
>4500.

That's unimportant. If those ports are bound to a service they won't be
opened as an outgoing port on that PC.

My browser uses outgoing port 1045 to connect to yahoo:80.
Someone would have to target that 1045 port while I'm using it. They
wouldn't know what application is in use or protocol unless they
worked for my ISP and could gain access to the wire. They would have
to slip into the open stream and execute some man-in-the-middle attack
which exploited something about the protocol or application talking.
If the NAT is decently implemented the attacker would have to be
spoofing the IP address of yahoo:80, which means, again, physically
positioning into the stream is likely needed to receive responses.

Even when I finish, they would still need to perform the same kind of
exploit against my time_wait'd connection. Again, they would have to
target me all day long on a port and hope they get lucky, very very
lucky.

It is a silly scenario. Mostly when I read about man in the middle
attacks, they are an attack on a secondary host, after a host has
already been compromised giving the hacker a beachhead, physically
located within an infrastructure. This gives them the opportunity to
masquerade as other servers, spoofing etc, which can be a critical
component to steal an existing communication stream.

>> Real world: Nobody gives a rat's ass what I have on my computer.
>> Not enough to spend any time trying to hack me.
>
>That's why exploits are automated and targeting a broad mass of
>potential targets.
>
>> The value of home computers to hackers is in creating botnets to set up DDOS
>> attacks and such. This is accomplished when you unwittingly install crap
>> on your own machine by opening email attachments promising naked
>> pictures of Britney Spears.
>
>Or surfing the web with IE. Recently my Unpatched counter hit the 50 and
>has never been 0 since 1998...
Received on Mon May 1 01:02:36 2006
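
Added example, not part of the original thread: a toy model of the NAT mapping table the posts argue about, showing which inbound packets reach the inside host under two filtering behaviours. The class, the function names and the addresses are constructed for illustration; the filtering terms are those of RFC 4787, and the model covers only the mapping lookup, not TCP state or defective implementations.

```python
from dataclasses import dataclass, field

# Constructed sample endpoints (not taken from the thread).
INSIDE = ("192.168.1.10", 1045)    # browser's local socket
REMOTE = ("198.51.100.80", 80)     # the web server the browser contacted
STRANGER = ("203.0.113.66", 4444)  # unrelated Internet host

@dataclass
class Nat:
    """Toy NAPT table; filtering names follow RFC 4787."""
    filtering: str                 # "endpoint-independent" or "address-and-port-dependent"
    next_port: int = 1045
    table: dict = field(default_factory=dict)  # public port -> (inside, remote)

    def outbound(self, inside, remote):
        """An inside host opens a flow; return the public port mapped to it."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (inside, remote)
        return port

    def inbound(self, src, public_port):
        """Return the inside endpoint a packet is forwarded to, or None if dropped."""
        entry = self.table.get(public_port)
        if entry is None:
            return None            # no mapping: unsolicited traffic goes nowhere
        inside, remote = entry
        # The filter only sees the claimed source address; it cannot detect spoofing.
        if self.filtering == "address-and-port-dependent" and src != remote:
            return None
        return inside

    def expire(self, public_port):
        """Mapping timeout: the public port stops forwarding."""
        self.table.pop(public_port, None)

def demo(filtering):
    nat = Nat(filtering)
    port = nat.outbound(INSIDE, REMOTE)
    seen = {"reply": nat.inbound(REMOTE, port),
            "stranger": nat.inbound(STRANGER, port),
            "unmapped_1433": nat.inbound(STRANGER, 1433)}
    nat.expire(port)
    seen["after_expiry"] = nat.inbound(REMOTE, port)
    return seen

if __name__ == "__main__":
    for mode in ("endpoint-independent", "address-and-port-dependent"):
        print(mode, demo(mode))
```

Under endpoint-independent filtering the stranger's packet is forwarded to the inside socket for as long as the mapping lives, which is why a default-deny inbound firewall rule is still needed behind such a device.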