-
March 2nd, 2004, 03:36 AM
#11
If you were on an internal IP, could you use software such as no-ip to give your computer a hostname (http://www.no-ip.com/)? Or would it just assign the hostname to the gateway/DMZ?
The command completed successfully.
"They drew first blood not me."
-
March 2nd, 2004, 07:32 PM
#12
Member
It would assign it to the public IP(gateway), so unless you had access to it and could forward it on to your private one, you'd be out of luck.
find /home/$newbie -name *? | www.google.com 2>/dev/null
-
March 2nd, 2004, 10:12 PM
#13
Looks a lot like my ZoneAlarm's logs when I put my PC's IP address as being in the DMZ on my Linksys or Netgear firewalls. It sees everything, which is what this seems to be doing.
Check to make sure you didn't put yourself in the DMZ.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
March 3rd, 2004, 12:12 AM
#14
Junior Member
Why would NAT have to be "bypassed" for you to see this traffic? I think you're missing an important piece of network address translation. Key point - NAT does not provide any security whatsoever. It simply translates source and destination addresses. If the ISP has not configured any access-lists on their router (most ISPs don't restrict any Internet traffic - check your end user agreement) then all Internet traffic will be permitted through to your host. No source routing or any other sorcery is necessary.
If the ISP's router is configured with a dynamic NAT pool, your host will be assigned a public IP from the pool, which the router will maintain in its translation table for a predefined timeout period. While the translation state is maintained in the router, every packet going to the public IP will make it through to your internal IP address and vice versa.
As far as PAT goes, I doubt the ISP is using any type of address overload function on the router because PAT ONLY works with TCP and UDP traffic. Traffic such as ESP, AH and GRE will not be port address translated. Because of the loss of functionality by using PAT, the ISP will most likely use some sort of dynamic NAT pool WITHOUT access-lists.
_TOMDAQ
-
March 3rd, 2004, 03:01 PM
#15
Originally posted here by br_fusion
If you were on an internal IP, could you use software such as no-ip to give your computer a hostname (http://www.no-ip.com/)? Or would it just assign the hostname to the gateway/DMZ?
There is a way to do this. Some company with a z in the name offered a solution (that's the closest I can come to remembering; I haven't dealt with them for a while). Basically a client is put on your machine; it runs out to their DNS server and opens a session through NAT, then any request for your IP comes in on that client as a host routed request.
Who is more trustworthy than all of the gurus or Buddhas?
-
March 3rd, 2004, 07:01 PM
#16
Member
I think tomdaq nailed it. I'm assuming that they're using NAT overloading here, when they may very well have a large public IP pool dynamically assigned (this would explain why I occasionally can't get past my gateway router in the evening), which without access lists would provide full access to my internally addressed computer.
find /home/$newbie -name *? | www.google.com 2>/dev/null
-
March 4th, 2004, 02:51 AM
#17
Tomdaq, many would argue that NAT can provide some security. If, in this case, on your home network you are using NAT and have non-routable IP addresses, then all people are going to be able to do is hit your external IP address.
So, if your set up is Router ----> Internal machine (on non-routable IP)
then you are afforded some protection in that no one outside your router can send a packet to your machine at will; only by having a trojan installed on your machine, or by taking over your router, can they get to you.
Now, on large corp networks the majority of the users will not have NAT addresses and instead will show as coming from one IP address (e.g. hide NAT on FW1); the firewall (which they hopefully have) maintains state on their connections and routes the traffic appropriately, so no one on the outside can get to those boxes either.
Of course the counter argument to this would be that if the firewall is operating correctly then it doesn't matter if routable addresses are being used or not, as the firewall controls the flow of traffic.
NAT isn't much use for machines that are actually using a static NAT to provide an IP address, as they can be reached regardless.
Quis custodiet ipsos custodes
-
March 4th, 2004, 05:09 AM
#18
Junior Member
R0n1n, I suppose it depends on the router you are using and the manufacturer's interpretation of NAT. If your router has a built in firewall, then some protection will be afforded, however, NAT by itself will not drop any traffic to the public IP. It simply changes the source or destination address accordingly and passes the traffic to the internal/external network. If the router is doing PAT/address overload (or "hide NAT" as Checkpoint calls it) then, yes only packets responding to traffic generated from inside the router will be permitted back into the internal network. Once again, this is not NAT but PAT. As I mentioned before, I am speculating that extremez' ISP is using a NAT pool (possibly with overload enabled in the event that all the IPs in the pool are used up, as extremez had previously mentioned), otherwise he would not be experiencing the issue in question.
_TOMDAQ
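To make the distinction tomdaq draws in posts #14 and #18 concrete (and the protection R0n1n describes in #17), here is a small simulation added to this thread; it is not code posted by any of the participants. It models two routers: a dynamic NAT pool (one public IP per inside host, address-only rewriting, entries expiring after a timeout) and a PAT/overload router (one public IP, port-based state that only admits replies from the peer the inside host talked to, which is the behaviour tomdaq describes for hide NAT). All addresses, ports and the timeout value are constructed for the demo; nothing here comes from any real ISP configuration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class DynamicNatRouter:
    """Dynamic NAT pool: each inside host borrows one public IP; no ports are rewritten.
    A translation entry lives until it has seen no traffic for `timeout` seconds."""

    def __init__(self, pool, timeout=300):
        self.free = list(pool)
        self.table = {}          # inside_ip -> (public_ip, last_seen)
        self.timeout = timeout

    def _expire(self, now):
        for inside, (pub, seen) in list(self.table.items()):
            if now - seen > self.timeout:
                del self.table[inside]
                self.free.append(pub)  # IP goes back to the pool

    def outbound(self, pkt, now):
        self._expire(now)
        if pkt.src_ip not in self.table:
            if not self.free:
                return None      # pool exhausted: host cannot get past the gateway
            self.table[pkt.src_ip] = (self.free.pop(0), now)
        pub, _ = self.table[pkt.src_ip]
        self.table[pkt.src_ip] = (pub, now)
        return Packet(pub, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt, now):
        """Without an access-list, ANY packet for a mapped public IP is forwarded,
        whether or not the inside host ever talked to the sender."""
        self._expire(now)
        for inside, (pub, _seen) in self.table.items():
            if pub == pkt.dst_ip:
                self.table[inside] = (pub, now)
                return Packet(pkt.src_ip, pkt.src_port, inside, pkt.dst_port, pkt.proto)
        return None              # no translation state: nowhere to deliver it


class PatRouter:
    """PAT / NAT overload / hide NAT: one public IP shared via port rewriting.
    Only TCP and UDP carry ports, so only they can be overloaded."""

    def __init__(self, public_ip, timeout=300):
        self.public_ip = public_ip
        # (proto, public_port) -> (inside_ip, inside_port, peer_ip, peer_port, last_seen)
        self.flows = {}
        self.next_port = 1024
        self.timeout = timeout

    def _expire(self, now):
        for key, ent in list(self.flows.items()):
            if now - ent[4] > self.timeout:
                del self.flows[key]

    def outbound(self, pkt, now):
        if pkt.proto not in ("tcp", "udp"):
            return None          # ESP/AH/GRE have no port field to rewrite
        self._expire(now)
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for (proto, pport), ent in self.flows.items():
            if proto == pkt.proto and ent[:4] == flow:
                self.flows[(proto, pport)] = flow + (now,)
                return Packet(self.public_ip, pport, pkt.dst_ip, pkt.dst_port, proto)
        pport, self.next_port = self.next_port, self.next_port + 1
        self.flows[(pkt.proto, pport)] = flow + (now,)
        return Packet(self.public_ip, pport, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt, now):
        """Only a reply from the exact peer an inside host contacted matches state."""
        self._expire(now)
        ent = self.flows.get((pkt.proto, pkt.dst_port))
        if ent is None or (pkt.src_ip, pkt.src_port) != (ent[2], ent[3]):
            return None
        self.flows[(pkt.proto, pkt.dst_port)] = ent[:4] + (now,)
        return Packet(pkt.src_ip, pkt.src_port, ent[0], ent[1], pkt.proto)


def demo():
    """Constructed scenario: one web request from an inside host, then an
    unsolicited probe from an unrelated outside address against each router."""
    inside, web_server, scanner = "192.168.1.10", "198.51.100.20", "198.51.100.99"
    nat = DynamicNatRouter(pool=["203.0.113.5", "203.0.113.6"], timeout=300)
    pat = PatRouter(public_ip="203.0.113.7", timeout=300)
    web = Packet(inside, 40000, web_server, 80)
    esp = Packet(inside, 0, web_server, 0, "esp")
    r = {}

    pub = nat.outbound(web, now=0).src_ip
    nat.outbound(Packet("192.168.1.11", 40001, web_server, 80), now=0)
    r["nat_pool_exhausted"] = nat.outbound(Packet("192.168.1.12", 40002, web_server, 80), now=0) is None
    probe = Packet(scanner, 5555, pub, 135)
    r["nat_unsolicited_while_mapped"] = nat.inbound(probe, now=60) is not None
    r["nat_esp_translated"] = nat.outbound(esp, now=61) is not None
    r["nat_unsolicited_after_timeout"] = nat.inbound(probe, now=1000) is not None

    out = pat.outbound(web, now=0)
    r["pat_reply_forwarded"] = pat.inbound(Packet(web_server, 80, pat.public_ip, out.src_port), now=1) is not None
    r["pat_unsolicited"] = pat.inbound(Packet(scanner, 5555, pat.public_ip, 135), now=1) is not None
    r["pat_esp_translated"] = pat.outbound(esp, now=2) is not None
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it shows the two sides of the thread at once: with a dynamic pool and no access-list, the scanner's probe reaches the inside host for as long as the translation entry lives and stops only after the timeout (or when the pool runs dry, which is also why a host can fail to get out at all), whereas the overload router drops the same probe because no inside flow matches it, at the cost of being unable to carry ESP at all.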