March 29th, 2004, 03:59 AM
non routable IP question
when your net work IP's are in 192.168.x.x range, how can the attacker even reach anything inside. i thought that these IP's are non-routable so isn't just THAT enough to keep the attackers out...
URL's welcome ... thanx
March 29th, 2004, 04:20 AM
well, I know that I use a router that assigns all the computers within the 192.168.*.* ip's. Also, I run a few different services which in the web interface of my router I can point to the correct internal ip. That is one way I guess when you open it up for a service that is vulnerable. Also, sometimes the hardware can be vulnerable with no services running on the computers inside. Maybe the webserver for your router's web interface has a vulnerability that can be exploited who knows. I think that could happen and in that way an attacker can get in. With open wireless it is very easy to get access to these internal computers cause once you're on the wireless you're in the network and have access to whatever is running on the other computer's, provided they don't have a software firewall or something running. Hope this helped.
March 29th, 2004, 04:36 AM
If the attacker could gain access to the router, then they could launch further attacks from there that would reach the 192.168.x.x addresses on your local net.
March 29th, 2004, 05:08 AM
Do you have mutch of an understanding of TCP/IP? Your question is regarding NAT or network address translation. In theory, yes, that is the case, the non routable addresses are innaccessable for new connections initiated from the outside. In a perfect world, NAT would be perfect protection against anything that didn't occur on a connection initiated from inside.
Sometimes there are exploits for routers, once they are controlled by an attacker, they can be configured to allow access to the internal network. Holes can also be found in the way some routers do NAT and until patched, will allow specially crafted attacks through. Most often, however, attacks occur through routers that are configured wrong. The process of NAT allows one computers worth of ports to be accessable FROM the internet. Thus, a computer, though on the internal network, can be made completely visible to the internet if if configured that way. Similarly, select ports from select internal systems can be made available to the internet.
For example, port 80(http) of a webserver on the internal network, can be made visible to the internet. Another computers port 22(ssh) can also be made visible.
Though these computers are on the internal network, their port 80 and 22 respectively are fully open to the internet and can be attacked. There are many mechanisms to prevent any attack from being successful or anonymous, but the danger remainains if ports are exposed to the internet. The problem occurs when either ports that should not be exposed are exposed (like the service for windows that let's you browse their hard drive), or an insecure server is running on one of the ports (like early versions of microsofts webserver... some would say any version ).
That's about it, let us know if you didn't catch any of that,
March 29th, 2004, 11:02 PM
yes i do understand tcpip. the only thing i am saying is that i have a watchguard hd firewall (basically a router) and configured so it won't even respond to outside ping...
there are no services running "for" the outside... only a domain on the inside
the network is practically invisible ... now you tell me what can a attacker do to reach the inside ... are there any techniques?