Originally posted here by lessthanzero:
By the fact that several spam net send messages have made it through, I doubt they're using much stateful firewall filtering, if any. Perhaps these connections are being made through a sort of source-routing bruteforcing, i.e. sending packets to the perimeter with methodically random private addresses for the next hop. There's not that many private network ranges, and since the private addresses are only one hop from the perimeter router, it shouldn't be too difficult, at least in theory. I'm gonna try to devise a method to test whether it works.
Well, there are a few methods to bypass NAT that I'm aware of...here goes:
2. Source-routing
This is when packets coming from "outside" the NAT device contain crafted/forged source & destination header information, thus dictating how the packet(s) should be routed on the other side of the device.
To pull off source-routing you'd have to possess intimate knowledge of the target topology, both public-facing and private-facing. Sending forged packets for a network/host that doesn't exist within the private architecture isn't going to do well for you.
Also, stateful packet inspection will/should prevent this b/c packets are going to be compared to translation/connection tables in the device. It is highly likely that the crafted/forged packets you're source-routing with won't match a valid connection entry in the table and will be dropped.
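To make the stateful-inspection point concrete, here is an added toy model of a NAT's translation table (example code, not from either poster): entries exist only for connections opened from the inside, so an inbound packet either matches one or is dropped. The addresses are constructed documentation-range values, and the `drop_source_routed` policy flag is an assumption of the example, not a setting of any specific device.

```python
from dataclasses import dataclass, field
from typing import Optional

# Toy model of the stateful check described above. Constructed for illustration;
# addresses are RFC 5737 documentation ranges, not any real host.


@dataclass(frozen=True)
class Packet:
    src: str                  # "ip:port"
    dst: str                  # "ip:port"
    source_route: tuple = ()  # hop list carried in an IP source-route option


@dataclass
class StatefulNAT:
    public_ip: str = "203.0.113.10"
    drop_source_routed: bool = True   # example policy: refuse source-routed packets outright
    next_port: int = 40000
    # translation table: (public "ip:port", remote "ip:port") -> private "ip:port"
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a private-side packet and record the connection state."""
        mapped = f"{self.public_ip}:{self.next_port}"
        self.next_port += 1
        self.table[(mapped, pkt.dst)] = pkt.src
        return Packet(src=mapped, dst=pkt.dst)

    def inbound(self, pkt: Packet) -> tuple[Optional[Packet], str]:
        """Forward an outside packet only if it matches existing state.

        Returns (translated packet or None, reason) so the drop reason is visible.
        """
        if pkt.source_route and self.drop_source_routed:
            return None, "source-route option present"
        private = self.table.get((pkt.dst, pkt.src))
        if private is None:
            # No outbound connection created this mapping: nothing to translate to,
            # so a probe aimed at a guessed private next hop has nowhere to go.
            return None, "no matching translation entry"
        return Packet(src=pkt.src, dst=private), "matched state"
```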