Sorry but I would just like to point out that NAT is not a security feature. At best
it is a very very very poor security through obscurity feature. NAT was designed for
us poor people who cannot afford to have a public IP address for every machine on
their own network.
Evan
>>> "Dan Ferris" <[EMAIL PROTECTED]> 07/26/01 01:17AM >>>
This may not seem bad, but to me it seems that this defeats the point of NAT
if somebody can steal your sessions. Note the section on TCP sequence
prediction. This was a Sonicwall SOHO firewall.
=======
Host (192.168.1.254) appears to be up ... good.
Initiating SYN half-open stealth scan against (192.168.1.254)
Adding TCP port 80 (state open).
The SYN scan took 8 seconds to scan 1523 ports.
For OSScan assuming that port 80 is open and port 1 is closed and neither
are firewalled
Interesting ports on (192.168.1.254):
(The 1518 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp filtered telnet
67/tcp filtered bootps
80/tcp open http
137/tcp filtered netbios-ns
514/tcp filtered shell
TCP Sequence Prediction: Class=64K rule
Difficulty=1 (Trivial joke)
Sequence numbers: 3EC519BD 3EC613BD 3EC70DBD 3EC807BD 3EC901BD 3EC9FBBD
Remote operating system guess: Accelerated Networks - High Speed Integrated
Access VoDSL
OS Fingerprint:
TSeq(Class=64K)
T1(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
T2(Resp=N)
T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=2000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
======
Dan Ferris
Percept Technology
mailto:[EMAIL PROTECTED]
http://www.percept.com