[97242] in North American Network Operators' Group
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
daemon@ATHENA.MIT.EDU (Nicholas Suan)
Mon Jun 4 20:58:21 2007
Date: Mon, 4 Jun 2007 20:04:17 -0400
From: "Nicholas Suan" <nsuan@nonexiste.net>
Cc: "NANOG list" <nanog@nanog.org>
In-Reply-To: <MDEHLPKNGKAHNMBLJOLKAEEGEFAC.davids@webmaster.com>
Errors-To: owner-nanog@merit.edu
On 6/4/07, David Schwartz <davids@webmaster.com> wrote:
>
> I can give you the root password to a Linux machine running telnetd and
> sshd. If it's behind NAT/PAT, you will not get into it. Period.
>
Just because it's behind NAT does not mean it's unreachable from the internet:
Fenrir:~% telnet ipv4.nonexiste.net
[1028] 19:57:17
Trying 68.90.179.13...
Connected to ipv4.nonexiste.net.
Escape character is '^]'.
Password:
Last login: Sat Jun 2 14:26:58 2007 from inuyasha.nonexiste.net on pts/0
Linux nira 2.6.18-1-486 #1 Sat Oct 21 16:34:06 UTC 2006 i686 GNU/Linux
You have mail.
Last was Mon 04 Jun 2007 06:57:37 PM CDT on pts/8.
nira:~$ /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:20:78:03:F6:B0
inet addr:172.16.16.8 Bcast:172.16.16.255 Mask:255.255.255.0
And no, that's not misconfigured.