NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender.
--------------------------------------------------------
pgp trash troll delete
George Georgakis <geeg@tripleg.go.away.spammers.net.au> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> PackMule <packmule13@yahoo.com> wrote:
> > I have a Slackware (9.1) box set up that only has one IP of
> > 192.168.0.96. I have been under the impression that this is safe from
> > the outside world because it's not a routable address but someone I
> > know who I've always respected says that it's not safe. I still keep
> > pretty up to date with patches and whatnot but would be interested in
> > finding out who's right. If I am wrong I guess I'll have to start
> > paying a little more attention.
> Quoting from http://www.dalantech.com/boards/showflat-Cat--Board-networking-Number-30916-page-1-view-collapsed-sb-5-o--fpart-1.html:
> Dalantech: "I often get asked "If I have NAT, then why do I need a
> firewall?". I posed the same question to Da Fade and asked him if
> he could give me a really good response - here is his reply:"
> Da Fade: "Easy answer ... NAT isn't a firewall. Does it block ports
> by default? No. Does it prevent Denial of Service? No. Most importantly,
> does it perform connection state inspection? A big NO!
> Example: Mr. Joe Unprotected goes browsing out on the net. He starts a
> telnet session out of his NAT-protected device. He ends his session.
> Guess what? The mapping for his session is still on the unit. It hasn't
> yet timed out.
> Enter Joe Hacker. He starts to do some port scans on Mr. Unprotected and
> runs into a port allowing him in. Joe thinks, "Hmmm, weak firewall." Joe
> has some fun playing around on hosts for a while through 'holes' made by
> the users behind the NAT device. Eventually some of the ports begin to
> time out (the NAT mapping has reached the end of its life). This upsets the
> hacker greatly. In response, he decides to kill Mr. Unprotected's bandwidth
> with some Denial of Service attacks.
> The attacks are highly successful. Mr. Unprotected loses hours of service,
> and tons of money, because he wasn't smart enough to believe what everyone
> was telling him .... NAT is no substitute for a Firewall.
> What I'm saying is that even though Joe Hacker can't see the private IP
> addressing on the inside, that doesn't mean he can't access the inside
> network. NAT will happily reverse the mapping as traffic flows in from the
> public network as long as it has a map already, even one that's temporary.
> Some NAT devices have ungodly long timeout values.
> Spending a little extra for REAL security will make the difference between
> real protection, and a thin candy shell called NAT."
> - --
> George Georgakis geegATtripleg_net_au http://www.tripleg.net.au/
> SlackBuild Central - http://slackpack.tripleg.net.au/
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> iQA/AwUBQKP5hklp3nJf7PixEQK7jQCeLnAT+fS44cejg6ft2Itnfksh7a8An3OF
> S8e+48YeWlpoLNKjVMQegPqj
> =kFq2
> -----END PGP SIGNATURE-----