Computer Help Forums: firewall test and NAT - Computer Help Forums


firewall test and NAT

#1 ToddAndMargo

  • Group: Guests

Posted 07 May 2009 - 12:14 PM

Hi All,

I would like to test my firewall, but have a NAT box
between me and the various firewall tests I know
of. Anyone know of a firewall test that shoots
through NAT?

Many thanks,
-T




#2 John John - MVP

  • Group: Guests

Posted 07 May 2009 - 12:35 PM

ToddAndMargo wrote:
> Hi All,
>
> I would like to test my firewall, but have a NAT box
> between me and the various firewall tests I know
> of. Anyone know of a firewall test that shoots
> through NAT?


NAT would be pretty useless if anything could just "shoot" through it.
Open (forward) a port in the box or temporarily disable/bypass the NAT
box for your tests.

John




#3 ToddAndMargo

  • Group: Guests

Posted 07 May 2009 - 12:45 PM

John John - MVP wrote:
> ToddAndMargo wrote:
>> Hi All,
>>
>> I would like to test my firewall, but have a NAT box
>> between me and the various firewall tests I know
>> of. Anyone know of a firewall test that shoots
>> through NAT?
>
> NAT would be pretty useless if anything could just "shoot" through it.
> Open (forward) a port in the box or temporarily disable/bypass the NAT
> box for your tests.
>
> John


Hi John,

The bad guys know all about NAT. And it is indeed useless
as a firewall.

The bad guys start with 192.168.0.0/24 and work their way
up. Check your firewall logs, you will see SYN packet probes
on it all the time: about 1/100 if you did not use NAT, but
still enough to do damage. NAT is *not* a firewall -- it is
a common misconception.

I was hoping for a way to test it without redoing anything
on my network.

-T




#4 John John - MVP

  • Group: Guests

Posted 07 May 2009 - 12:56 PM

ToddAndMargo wrote:
> John John - MVP wrote:
>> ToddAndMargo wrote:
>>> Hi All,
>>>
>>> I would like to test my firewall, but have a NAT box
>>> between me and the various firewall tests I know
>>> of. Anyone know of a firewall test that shoots
>>> through NAT?
>>
>> NAT would be pretty useless if anything could just "shoot" through it.
>> Open (forward) a port in the box or temporarily disable/bypass the NAT
>> box for your tests.
>>
>> John
>
> Hi John,
>
> The bad guys know all about NAT. And it is indeed useless
> as a firewall.
>
> The bad guys start with 192.168.0.0/24 and work their way
> up. Check your firewall logs, you will see SYN packet probes
> on it all the time: about 1/100 if you did not use NAT, but
> still enough to do damage. NAT is *not* a firewall -- it is
> a common misconception.
>
> I was hoping to way to test it without redoing anything
> on my network.


I'm by no means any kind of expert on this, but my understanding about
NAT is that it will only allow traffic in if the request for the packets
originated from within. You say that you have a "NAT box"; I assume that
to be a router of sorts. Check the documentation for your router.

John




#5 ToddAndMargo

  • Group: Guests

Posted 07 May 2009 - 01:33 PM

John John - MVP wrote:
> ToddAndMargo wrote:
>> John John - MVP wrote:
>>> ToddAndMargo wrote:
>>>> Hi All,
>>>>
>>>> I would like to test my firewall, but have a NAT box
>>>> between me and the various firewall tests I know
>>>> of. Anyone know of a firewall test that shoots
>>>> through NAT?
>>>
>>> NAT would be pretty useless if anything could just "shoot" through
>>> it. Open (forward) a port in the box or temporarily disable/bypass
>>> the NAT box for your tests.
>>>
>>> John
>>
>> Hi John,
>>
>> The bad guys know all about NAT. And it is indeed useless
>> as a firewall.
>>
>> The bad guys start with 192.168.0.0/24 and work their way
>> up. Check your firewall logs, you will see SYN packet probes
>> on it all the time: about 1/100 if you did not use NAT, but
>> still enough to do damage. NAT is *not* a firewall -- it is
>> a common misconception.
>>
>> I was hoping to way to test it without redoing anything
>> on my network.
>
> I'm by no means any kind of expert on this but my understanding about
> NAT is that it will only allow traffic in if the request for the packets
> originated from within. You say that you have a "NAT box" I assume that
> to be a router of sorts, check the documentation for your router.
>
> John


Hi John,

It is a router.

The trouble with NAT is that the bad guys just slap their
guess as to what your internal off Internet address on
to their probe. They find you very quickly if your internal
off Internet address is 192.168.0.xxx. (Recommendation:
pick an internal address other than 192.168.0.0/24 or
192.168.1.0/24.)

NAT does not stop incoming requests called SYN (TCP) or
state "New" (TCP or UDP). It only stops traffic not
properly addressed to your internal network. Enough
guessing and the bad guys will find you.

NAT is *NOT* a firewall. You take you rear end in your hands
if you rely on NAT to protect you from port probes.

-T





#6 John John - MVP

  • Group: Guests

Posted 07 May 2009 - 01:57 PM

ToddAndMargo wrote:
> John John - MVP wrote:
>> ToddAndMargo wrote:
>>> John John - MVP wrote:
>>>> ToddAndMargo wrote:
>>>>> Hi All,
>>>>>
>>>>> I would like to test my firewall, but have a NAT box
>>>>> between me and the various firewall tests I know
>>>>> of. Anyone know of a firewall test that shoots
>>>>> through NAT?
>>>>
>>>> NAT would be pretty useless if anything could just "shoot" through
>>>> it. Open (forward) a port in the box or temporarily disable/bypass
>>>> the NAT box for your tests.
>>>>
>>>> John
>>>
>>> Hi John,
>>>
>>> The bad guys know all about NAT. And it is indeed useless
>>> as a firewall.
>>>
>>> The bad guys start with 192.168.0.0/24 and work their way
>>> up. Check your firewall logs, you will see SYN packet probes
>>> on it all the time: about 1/100 if you did not use NAT, but
>>> still enough to do damage. NAT is *not* a firewall -- it is
>>> a common misconception.
>>>
>>> I was hoping to way to test it without redoing anything
>>> on my network.
>>
>> I'm by no means any kind of expert on this but my understanding about
>> NAT is that it will only allow traffic in if the request for the
>> packets originated from within. You say that you have a "NAT box" I
>> assume that to be a router of sorts, check the documentation for your
>> router.
>>
>> John
>
> Hi John,
>
> It is a router.
>
> The trouble with NAT is that the bad guys just slap their
> guess as to what your internal off Internet address on
> to their probe. They find you very quickly if your internal
> off Internet address is 192.168.0.xxx. (Recommendation:
> pick an internal address other than 192.168.0.0/24 or
> 192.168.1.0/24.)
>
> NAT does not stop incoming requests called SYN (TCP) or
> state "New" (TCP or UDP). It only stops traffic not
> properly addressed to your internal network. Enough
> guessing and the bad guys will find you.


I don't think that is how it works. My router stops SYN floods and
operates in stealth mode, you could be "knocking" all you want but you
ain't gonna come in!

John




#7 ToddAndMargo

  • Group: Guests

Posted 07 May 2009 - 02:06 PM

John John - MVP wrote:

> I don't think that is how it works. My router stops SYN floods and
> operates in stealth mode, you could be "knocking" all you want but you
> ain't gonna come in!
>
> John


Hi John,

That is a good feature to have. But it is not NAT. It is an
additional feature. I was specifically referring only to NAT.

What scares me is people with $15.00 routers with NAT thinking
it is a real firewall.

-T




#8 John John - MVP

  • Group: Guests

Posted 07 May 2009 - 03:01 PM

ToddAndMargo wrote:
> John John - MVP wrote:
>
>> I don't think that is how it works. My router stops SYN floods and
>> operates in stealth mode, you could be "knocking" all you want but you
>> ain't gonna come in!
>>
>> John
>
> Hi John,
>
> The is a good feature to have. But, is not NAT. It is an
> additional feature. I was specifically referring only to NAT.
>
> What scares me is people with $15.00 routers with NAT thinking
> it is a real firewall.


I think that your assessment of how easily NAT can be broken is
overblown. Consider this: if your firewall tests can't make it through
your NAT box, it isn't as flimsy as you make it out to be! If anyone is
that worried they can put their private IP address in the Class A range
and give the hackers a "few" more doors to knock on. But I do have to
agree with you that you get what you pay for and that a $15 router may
not be the best thing to have between your network and the internet!

John




#9 ToddAndMargo

  • Group: Guests

Posted 07 May 2009 - 03:13 PM

John John - MVP wrote:
> I think that your assessment of how easily NAT can be broken is
> overblown, consider this, if your firewall tests can't make it through
> your NAT box it isn't as flimsy as you make it out to be!


You are missing the point. The firewall test sites that don't shoot
through NAT do not tag the secondary off internet address on to
their attack packets. In those tests, everything comes back perfect
because they are being rejected by the router.

Now if the test site took your secondary off Internet address from
your initial SYN packet to log into their site and probed you, the
router would pass their probes right through.


> If anyone is
> that worried they can put their private IP address in the Class A range
> and give the hackers a "few" more doors to knock on. But I do have to
> agree with you that you get what you pay for and that a $15 router may
> not be the best thing to have between your network and the internet!
>
> John


Best Buy is ready and waiting for the $15.00 crowd: their Geek Squid
will happily wipe your hard drive clean and reinstall windows for you!




#10 ToddAndMargo

  • Group: Guests

Posted 07 May 2009 - 03:16 PM

ToddAndMargo wrote:
> John John - MVP wrote:
>> I think that your assessment of how easily NAT can be broken is
>> overblown, consider this, if your firewall tests can't make it through
>> your NAT box it isn't as flimsy as you make it out to be!
>
> You are missing the point. The firewall test sites that don't shoot
> through NAT do not tag the secondary off internet address on to
> their attack packets. In those tests, everything comes back perfect
> because they are being rejected by the router.
>
> Now if the test site took your secondary off Internet address from
> your initial SYN packet to log into their site and probed you, the
> router would pass their probes right through.
>
>
>> If anyone is that worried they can put their private IP address in the
>> Class A range and give the hackers a "few" more doors to knock on.
>> But I do have to agree with you that you get what you pay for and that
>> a $15 router may not be the best thing to have between your network
>> and the internet!
>>
>> John
>
> Best Buy is ready and waiting for the $15.00 crowd: their Geek Squid
> will happily wipe your hard drive clean and reinstall windows for you!


Squid was a typo. :-)

He who pays the least, pays the most




#11 Leythos

  • Group: Guests

Posted 07 May 2009 - 04:10 PM

In article <#2gS5#zzJHA.4116@TK2MSFTNGP04.phx.gbl>,
ToddAndMargo@invalid.com says...
>
> Hi All,
>
> I would like to test my firewall, but have a NAT box
> between me and the various firewall tests I know
> of. Anyone know of a firewall test that shoots
> through NAT?


LOL, NAT doesn't have things "Shoot Through" it, that would break NAT.

If you want to test, most of those cheap, crappy, NAT routers have a
fake DMZ IP address, just map the DMZ to the same IP as your computer.
The DMZ IP gets all traffic that you have not created rules for, in most
NAT routers.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
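The NAT behaviour John (#2, #4) and Leythos (#11) describe, as an added example that is not part of this thread and not any router's firmware: a toy model of a NAPT router in Python. Outbound packets create a translation entry; inbound packets are delivered only through such an entry, an explicit port-forward rule, or the DMZ host, and everything else is dropped. All addresses, ports, class and function names are made up for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

WAN_IP = "203.0.113.5"   # constructed public address of the router (RFC 5737 range)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """Toy NAPT router (hypothetical model, not any vendor's firmware).
    Outbound traffic creates a translation entry; inbound traffic is delivered
    only through such an entry, an explicit port-forward rule, or the DMZ host."""

    def __init__(self, wan_ip: str, first_port: int = 40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.sessions: Dict[Tuple[str, int, str, int], int] = {}
        # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.reverse: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
        self.forwards: Dict[int, Tuple[str, int]] = {}   # wan_port -> (lan_ip, lan_port)
        self.dmz_host: Optional[str] = None

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: allocate (or reuse) a WAN port and rewrite the source."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        wan_port = self.sessions.get(key)
        if wan_port is None:
            wan_port = self.next_port
            self.next_port += 1
            self.sessions[key] = wan_port
            self.reverse[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Internet -> LAN: return (decision, packet as delivered to the LAN, or None)."""
        if pkt.dst != self.wan_ip:
            # A packet carrying some other destination (e.g. a guessed private
            # address) is not ours to translate; the router has no route for it.
            return "drop: not addressed to the WAN address", None
        hit = self.reverse.get((pkt.dport, pkt.src, pkt.sport))
        if hit is not None:
            lan_ip, lan_port = hit
            return "translate: reply to a session the LAN opened", Packet(pkt.src, pkt.sport, lan_ip, lan_port)
        if pkt.dport in self.forwards:
            lan_ip, lan_port = self.forwards[pkt.dport]
            return "forward: explicit port-forward rule", Packet(pkt.src, pkt.sport, lan_ip, lan_port)
        if self.dmz_host is not None:
            # Everything unmatched lands on the DMZ host: convenient for a test,
            # but for that host it is the same exposure as having no NAT at all.
            return "dmz: unmatched traffic handed to the DMZ host", Packet(pkt.src, pkt.sport, self.dmz_host, pkt.dport)
        return "drop: no session, no rule, no DMZ", None


def run_sample() -> Dict[str, str]:
    """Constructed traffic showing each path through the router."""
    nat = NatRouter(WAN_IP)
    lan_host, web_server, scanner = "192.168.1.46", "198.51.100.20", "192.0.2.77"  # constructed
    out = nat.outbound(Packet(lan_host, 51000, web_server, 80))      # LAN host opens a session
    reply = Packet(web_server, 80, out.src, out.sport)               # server answers the WAN port
    decisions: Dict[str, str] = {}
    decisions["reply"] = nat.inbound(reply)[0]
    decisions["unsolicited"] = nat.inbound(Packet(scanner, 1030, WAN_IP, 80))[0]
    decisions["private_dst"] = nat.inbound(Packet(scanner, 1030, lan_host, 80))[0]
    nat.forwards[22] = (lan_host, 22)                                 # one port opened deliberately
    decisions["forwarded"] = nat.inbound(Packet(scanner, 1031, WAN_IP, 22))[0]
    nat.dmz_host = lan_host                                           # the "fake DMZ" trick
    decisions["dmz"] = nat.inbound(Packet(scanner, 1032, WAN_IP, 445))[0]
    return decisions


if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name:12s} {verdict}")
```

The last two decisions in run_sample() are the point of the exchange: a port-forward rule exposes exactly one port, while a DMZ host receives every unmatched packet, so a machine mapped as DMZ for a firewall test sits on the Internet with no NAT protection at all for as long as the mapping stays in place.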




#12 Leythos

  • Group: Guests

Posted 07 May 2009 - 04:28 PM

Forget my last post I was wrong, you need to format your hd and reinstall
windows.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam9999fre@rohio.com (remove 999 for proper email address)


"Leythos" wrote in message
news:004bdcc4$0$14705$c3e8da3@news.astraweb.com...
> In article <#2gS5#zzJHA.4116@TK2MSFTNGP04.phx.gbl>,
> ToddAndMargo@invalid.com says...
>>
>> Hi All,
>>
>> I would like to test my firewall, but have a NAT box
>> between me and the various firewall tests I know
>> of. Anyone know of a firewall test that shoots
>> through NAT?
>
> LOL, NAT doesn't have things "Shoot Through" it, that would break NAT.
>
> If you want to test, most of those cheap, crappy, NAT routers have a
> fake DMZ IP address, just map the DMZ to the same IP as your computer.
> The DMZ IP gets all traffic that you have not created rules for, in most
> NAT routers.
>
> --
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)






#13 Leythos

  • Group: Guests

Posted 07 May 2009 - 04:58 PM

In article <7gJMl.25461$BZ3.21524@newsfe12.iad>, spam9999free@rrohio.com
says...
>
> Forget my last post I was wrong, you need to format your hd and reinstall
> windows.


The above post was not by Leythos, it was a faked post and shows the
lack of ethics and lack of Honesty of Butts and his sock TrollBuster.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)




#14 Leythos

  • Group: Guests

Posted 07 May 2009 - 05:24 PM

In article <7gJMl.25461$BZ3.21524@newsfe12.iad>, spam9999free@rrohio.com
says...
>
> Forget my last post I was wrong, you need to format your hd and reinstall
> windows.



The above post was not by Leythos, it was a faked post and shows the
lack of ethics and lack of Honesty of Butts and his sock TrollBuster.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam9999fre@rohio.com (remove 999 for proper email address)







#15 Leythos

  • Group: Guests

Posted 07 May 2009 - 05:26 PM

In article <7gJMl.25461$BZ3.21524@newsfe12.iad>, spam9999free@rrohio.com
says...
>
> Forget my last post I was wrong, you need to format your hd and reinstall
> windows.


The above post was not by Leythos, it was a faked post and shows the
lack of ethics and lack of Honesty of Butts and his sock TrollBuster.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam9999fre@rohio.com (remove 999 for proper email address)






#16 Leythos

  • Group: Guests

Posted 07 May 2009 - 06:05 PM

In article <35KMl.23466$Rf7.17660@newsfe21.iad>, spam9999free@rrohio.com
says...
> Path: news.astraweb.com!border1.newsrouter.astraweb.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!newsfe21.iad.POSTED!4b08191c!not-for-mail
> From: "Leythos"
> Newsgroups: microsoft.public.windowsxp.general
> References: <#2gS5#zzJHA.4116@TK2MSFTNGP04.phx.gbl> <004bdcc4$0$14705$c3e8da3@news.astraweb.com> <7gJMl.25461$BZ3.21524@newsfe12.iad>
> In-Reply-To: <7gJMl.25461$BZ3.21524@newsfe12.iad>
> Subject: Re: firewall test and NAT- Another Impersonation by Butts
> Lines: 20
> MIME-Version: 1.0
> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
> X-Antivirus: avast! (VPS 090507-0, 05/07/2009), Outbound message
> X-Antivirus-Status: Clean
> Message-ID: <35KMl.23466$Rf7.17660@newsfe21.iad>
> X-Complaints-To: abuse@teranews.com
> NNTP-Posting-Date: Thu, 07 May 2009 23:24:47 UTC
> Organization: TeraNews.com
> Date: Thu, 7 May 2009 16:24:41 -0700
>
> In article <7gJMl.25461$BZ3.21524@newsfe12.iad>, spam9999free@rrohio.com
> says...
> >
> > Forget my last post I was wrong, you need to format your hd and reinstall
> > windows.
>
>
> The above post was not by Leythos, it was a faked post and shows the
> lack of ethics and lack of Honesty of Butts and his sock TrollBuster.
>


And the headers prove another impersonation by the resident unethical
hack.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)




#17 Leythos

  • Group: Guests

Posted 07 May 2009 - 06:06 PM

In article , spam9999free@rrohio.com
says...
> Path: news.astraweb.com!border2.newsrouter.astraweb.com!indigo.octanews.net!news-out.octanews.net!teal.octanews.net!nx01.iad01.newshosting.com!newshosting.com!69.16.185.16.MISMATCH!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!newsfe21.iad.POSTED!4b08191c!not-for-mail
> From: "Leythos"
> Newsgroups: microsoft.public.windowsxp.general
> References: <#2gS5#zzJHA.4116@TK2MSFTNGP04.phx.gbl> <004bdcc4$0$14705$c3e8da3@news.astraweb.com> <7gJMl.25461$BZ3.21524@newsfe12.iad>
> In-Reply-To: <7gJMl.25461$BZ3.21524@newsfe12.iad>
> Subject: Re: firewall test and NAT- Another Impersonation by Butts
> Lines: 17
> MIME-Version: 1.0
> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
> X-Antivirus: avast! (VPS 090507-0, 05/07/2009), Outbound message
> X-Antivirus-Status: Clean
> Message-ID:
> X-Complaints-To: abuse@teranews.com
> NNTP-Posting-Date: Thu, 07 May 2009 23:26:11 UTC
> Organization: TeraNews.com
> Date: Thu, 7 May 2009 16:26:09 -0700
>
> In article <7gJMl.25461$BZ3.21524@newsfe12.iad>, spam9999free@rrohio.com
> says...
> >
> > Forget my last post I was wrong, you need to format your hd and reinstall
> > windows.
>
> The above post was not by Leythos, it was a faked post and shows the
> lack of ethics and lack of Honesty of Butts and his sock TrollBuster.
>


And the headers prove another impersonation by the resident unethical
hack.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)




#18 Brian A.

  • Group: Guests

Posted 07 May 2009 - 06:22 PM


> The trouble with NAT is that the bad guys just slap their
> guess as to what your internal off Internet address on
> to their probe. They find you very quickly if your internal
> off Internet address is 192.168.0.xxx. (Recommendation:
> pick an internal address other than 192.168.0.0/24 or
> 192.168.1.0/24.)
>
> NAT does not stop incoming requests called SYN (TCP) or
> state "New" (TCP or UDP). It only stops traffic not
> properly addressed to your internal network. Enough
> guessing and the bad guys will find you.


If that were true, every network in the universe would be no more.
Port probes are being performed 24/7 and have been for years.

The Client sends a SYN to the Server requesting a connection.
The Server sends back a SYN-ACK to the Client acknowledging the request.
The Client responds with an ACK and the connection is completed.

Port probes are looking for any open Port, and if they don't find one, they
move on to the next possible victim without ever responding with an ACK to
the Server. Without an ACK response from the Client, the Server will wait X
amount of time before sending another SYN-ACK, then again, and again, etc.
until it reaches its max set of times to send. It's when a Server is
overwhelmed with these Half-Open connections that it becomes a real issue.


--

Brian A. Sesko
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
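Brian's description of the three-way handshake and half-open connections (#18), as an added example that is not part of the thread: a small Python tracker that plays the server side of the handshake over constructed segments, retransmits the SYN-ACK while it waits for the client's final ACK, and drops the entry after a fixed number of tries. Addresses, ports, the retry interval and the retry count are assumptions made for the example, not values from any real TCP stack.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

SERVER_IP = "203.0.113.10"  # constructed server address (RFC 5737 documentation range)


@dataclass
class Segment:
    """One TCP segment, reduced to the fields the handshake cares about."""
    t: float      # seconds since the start of the (constructed) capture
    src: str
    dst: str
    sport: int
    dport: int
    flags: str    # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


@dataclass
class Conn:
    state: str          # SYN_RECEIVED (half-open) or ESTABLISHED
    opened_at: float
    synacks_sent: int


class HandshakeTracker:
    """Server side of the three-way handshake, including the SYN-ACK
    retransmissions a server makes while it waits for the final ACK."""

    def __init__(self, server_ip: str, retry_interval: float = 3.0, max_synacks: int = 3):
        self.server_ip = server_ip
        self.retry_interval = retry_interval   # assumed timer, not a real stack's value
        self.max_synacks = max_synacks         # assumed give-up limit
        self.conns: Dict[Tuple[str, int, int], Conn] = {}
        self.sent: List[Segment] = []          # everything the server transmitted

    def _send_synack(self, t: float, key: Tuple[str, int, int]) -> None:
        src, sport, dport = key
        self.sent.append(Segment(t, self.server_ip, src, dport, sport, "SA"))

    def feed(self, seg: Segment) -> None:
        """Client -> server segment."""
        if seg.dst != self.server_ip:
            return
        key = (seg.src, seg.sport, seg.dport)
        conn = self.conns.get(key)
        if seg.flags == "S" and conn is None:
            # Steps 1 and 2: SYN arrives, server answers SYN-ACK, entry is now half-open
            self.conns[key] = Conn("SYN_RECEIVED", seg.t, 1)
            self._send_synack(seg.t, key)
        elif seg.flags == "A" and conn is not None and conn.state == "SYN_RECEIVED":
            # Step 3: the client's ACK completes the handshake
            conn.state = "ESTABLISHED"

    def tick(self, now: float) -> None:
        """Timer: retransmit SYN-ACK for half-open entries, drop them after max_synacks."""
        for key, conn in list(self.conns.items()):
            if conn.state != "SYN_RECEIVED":
                continue
            due = conn.opened_at + conn.synacks_sent * self.retry_interval
            if now < due:
                continue
            if conn.synacks_sent >= self.max_synacks:
                del self.conns[key]          # server gives up on this half-open entry
            else:
                conn.synacks_sent += 1
                self._send_synack(now, key)

    def half_open(self) -> List[Tuple[str, int, int]]:
        return sorted(k for k, c in self.conns.items() if c.state == "SYN_RECEIVED")

    def established(self) -> List[Tuple[str, int, int]]:
        return sorted(k for k, c in self.conns.items() if c.state == "ESTABLISHED")


def run_sample() -> Dict[str, int]:
    """Constructed traffic: one client that completes the handshake and one
    probe that sends a SYN and never answers the SYN-ACK."""
    tr = HandshakeTracker(SERVER_IP)
    client, probe = "198.51.100.7", "192.0.2.99"                  # constructed addresses
    tr.feed(Segment(0.0, client, SERVER_IP, 40000, 80, "S"))
    tr.feed(Segment(0.0, probe, SERVER_IP, 1030, 80, "S"))
    tr.feed(Segment(0.1, client, SERVER_IP, 40000, 80, "A"))      # client finishes
    tr.tick(1.0)
    snapshot = {"established": len(tr.established()), "half_open_at_1s": len(tr.half_open())}
    for now in (3.0, 6.0, 9.0):      # timer fires: SYN-ACK retried twice, then the entry is dropped
        tr.tick(now)
    snapshot["synacks_to_probe"] = sum(1 for s in tr.sent if s.dst == probe)
    snapshot["half_open_after_timeout"] = len(tr.half_open())
    return snapshot


if __name__ == "__main__":
    print(run_sample())
```

The snapshot shows the two outcomes Brian contrasts: the client that sends its ACK is ESTABLISHED immediately, while the silent probe keeps a half-open entry alive through every SYN-ACK retry until the server gives up. The number of such entries at any moment (len(tr.half_open())) is the quantity a server-side detector would watch.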








#19 Bruce Chambers

  • Group: Guests

Posted 07 May 2009 - 09:38 PM

ToddAndMargo wrote:
> John John - MVP wrote:
>> ToddAndMargo wrote:
>>> John John - MVP wrote:
>>>> ToddAndMargo wrote:
>>>>> Hi All,
>>>>>
>>>>> I would like to test my firewall, but have a NAT box
>>>>> between me and the various firewall tests I know
>>>>> of. Anyone know of a firewall test that shoots
>>>>> through NAT?
>>>>
>>>> NAT would be pretty useless if anything could just "shoot" through
>>>> it. Open (forward) a port in the box or temporarily disable/bypass
>>>> the NAT box for your tests.
>>>>
>>>> John
>>>
>>> Hi John,
>>>
>>> The bad guys know all about NAT. And it is indeed useless
>>> as a firewall.
>>>
>>> The bad guys start with 192.168.0.0/24 and work their way
>>> up. Check your firewall logs, you will see SYN packet probes
>>> on it all the time: about 1/100 if you did not use NAT, but
>>> still enough to do damage. NAT is *not* a firewall -- it is
>>> a common misconception.
>>>
>>> I was hoping to way to test it without redoing anything
>>> on my network.
>>
>> I'm by no means any kind of expert on this but my understanding about
>> NAT is that it will only allow traffic in if the request for the
>> packets originated from within. You say that you have a "NAT box" I
>> assume that to be a router of sorts, check the documentation for your
>> router.
>>
>> John
>
> Hi John,
>
> It is a router.
>
> The trouble with NAT is that the bad guys just slap their
> guess as to what your internal off Internet address on
> to their probe. They find you very quickly if your internal
> off Internet address is 192.168.0.xxx. (Recommendation:
> pick an internal address other than 192.168.0.0/24 or
> 192.168.1.0/24.)
>



Assuming one is silly enough to leave that NAT router set to factory
defaults.....


--

Bruce Chambers

Help us help you:
http://www.catb.org/...-questions.html

http://support.micro....aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot




#20 ToddAndMargo

  • Group: Guests

Posted 08 May 2009 - 12:00 AM

Brian A. wrote:
>
>> The trouble with NAT is that the bad guys just slap their
>> guess as to what your internal off Internet address on
>> to their probe. They find you very quickly if your internal
>> off Internet address is 192.168.0.xxx. (Recommendation:
>> pick an internal address other than 192.168.0.0/24 or
>> 192.168.1.0/24.)
>>
>> NAT does not stop incoming requests called SYN (TCP) or
>> state "New" (TCP or UDP). It only stops traffic not
>> properly addressed to your internal network. Enough
>> guessing and the bad guys will find you.
>
> If that were to be true, every network in the universe would be no
> more, Port probes are being performed 24/7 and have been for years.
>
> The Client sends a SYN to the Server requesting a connection.
> The Server sends back a SYN-ACK to the Client acknowledging the request.
> The Client responds with an ACK and the connection is completed.
>
> Port probes are looking for any open Port, and if they don't find one,
> they move on to the next possible victim without ever responding with an
> ACK to the Server. Without an ACK response from the Client, the Server
> will wait X amount of time before sending another SYN-ACK, then again,
> and again, etc. until it reaches it's max set of times to send. It's
> when a Sever is overwhelmed with these Half-Open connections that it
> becomes a real issue.
>


Hi Brian,

You are correct. You are missing that the probe can include an
internal address as well as the required external address.

An unsuccessful sample attack on my machine for you:

kernel: Incomming SYN IN=eth1 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.46
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=228 DF PROTO=TCP SPT=1030 DPT=80
WINDOW=8192 RES=0x00 SYN URGP=0

Translation:
SRC is my NAT router (192.168.1.1) on my 1st Ethernet port

DST is a virtual machine (192.168.1.46) on my second Ethernet
port that has not run for over three weeks (currently off)

SYN is a SYN packet

The probe got right through my NAT router (and got stopped by my
software firewall). NAT is a good idea in a lot of ways.
And it does stop tons of state=new packets. But, as I have
shown, you can poke through it. It takes a lot more skill,
so it does cut way down on the bad guys' attempts to probe
you. But it does not stop all unsolicited state=new probes.
This is why I tell everyone that doubts me that
*NAT is not a firewall*.

-T
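The kernel log line in the post above, as an added example that is not part of the thread: a Python parser for iptables/netfilter LOG entries and a small detection rule that flags bare SYNs (new connection attempts) arriving on the upstream interface, and notes whether the destination is a private address or a host known to be switched off. The first sample line is the entry quoted above (joined onto one line); the other lines, the interface roles and the dormant-host list are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Set

# First line: the netfilter log entry quoted in the post above, joined onto one line.
# Remaining lines: constructed for this example (different --log-prefix on purpose).
SAMPLE_LOG: List[str] = [
    "kernel: Incomming SYN IN=eth1 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.46 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=228 DF PROTO=TCP SPT=1030 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0",
    "kernel: Incomming SYN IN=eth1 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=229 DF PROTO=TCP SPT=1031 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0",
    "kernel: LAN side IN=eth0 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.46 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=230 DF PROTO=TCP SPT=52000 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0",
    "kernel: Dropped IN=eth1 OUT= MAC= SRC=198.51.100.5 DST=192.168.1.46 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=231 DF PROTO=TCP SPT=443 DPT=50000 WINDOW=8192 RES=0x00 ACK URGP=0",
    "kernel: Dropped IN=eth1 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.46 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=232 PROTO=UDP SPT=53 DPT=5353 LEN=58",
]

# Bare tokens netfilter emits for IP/TCP flags (no "=" after them).
_FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF", "CE", "MF"}


def parse_netfilter_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one iptables/netfilter LOG line into a dict of KEY=VALUE fields plus a
    'flags' set. Parsing starts at the IN= token so the free-form --log-prefix
    (here "Incomming SYN") is never mistaken for a TCP flag."""
    tokens = line.split()
    start = next((i for i, t in enumerate(tokens) if t.startswith("IN=")), None)
    if start is None:
        return None
    rec: Dict[str, object] = {}
    flags: Set[str] = set()
    for tok in tokens[start:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in _FLAG_TOKENS:
            flags.add(tok)
    rec["flags"] = flags
    return rec


def is_new_tcp_attempt(rec: Dict[str, object]) -> bool:
    """A bare SYN (no ACK) is the first packet of a connection; anything else
    belongs to an exchange that is already under way."""
    flags = rec["flags"]
    return rec.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags


def classify_probe(rec: Optional[Dict[str, object]], upstream_iface: str,
                   dormant_hosts: Set[str]) -> Optional[str]:
    """Return a finding for a new connection attempt seen on the upstream
    interface, or None when the line is not one."""
    if rec is None or not is_new_tcp_attempt(rec) or rec.get("IN") != upstream_iface:
        return None
    dst = ipaddress.ip_address(str(rec.get("DST", "0.0.0.0")))
    reasons = [f"unsolicited SYN on {upstream_iface}: "
               f"{rec.get('SRC')}:{rec.get('SPT')} -> {dst}:{rec.get('DPT')}"]
    if dst.is_private:
        reasons.append("destination is a private (RFC 1918) address")
    if str(dst) in dormant_hosts:
        # A host that is switched off cannot have opened a session, so any SYN
        # towards it is a probe by definition.
        reasons.append("destination is a dormant host, so no legitimate session can exist")
    return "; ".join(reasons)


def scan(lines: List[str], upstream_iface: str = "eth1",
         dormant_hosts: Set[str] = frozenset()) -> List[str]:
    findings = []
    for line in lines:
        verdict = classify_probe(parse_netfilter_line(line), upstream_iface, dormant_hosts)
        if verdict:
            findings.append(verdict)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "eth1", {"192.168.1.46"}):
        print(finding)
```

Run over the sample, only the two bare SYNs that arrived on eth1 are reported; the LAN-side SYN on eth0, the ACK that belongs to an existing session, and the UDP datagram are passed over. The dormant-host list is the cheap, high-signal part: a SYN aimed at an address nobody is using has no innocent explanation, which is exactly what made the quoted log line stand out.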




