RE: [Leaf-user] internal NAT question

Fri, 26 Apr 2002 12:43:54 -0700 

Phillip,

        The security implications are the same as having that port on that machine
exposed directly to the internet.

        Example:

        Portforwarding port 3389 ( Terminal Server ) from the firewall to port 3389
on a NT/2000 system behind the firewall.

        Terminal Server is totally exposed, it's like taking a pipe and tunneling
all communications on port 3389 to the NT/2000 system.  So if there is a
vulnerability in Terminal Server ( which there is ) then Terminal Server is
suceptable to this vulnerability, despite the fact that you have the
firewall in place.

        During a scan of your firewall ( with port forwarding enabled on port
3389 ) you would see that port 3389 was open and accepting connections.  So
you would know that there was a Terminal Server connection there, but the
TCP/IP signature and timing would look like a Linux box.  Opening a Terminal
Server connection to the box would bring up a Terminal Server login screen
to a potential intruder.  Then he/she could attempt to gain access using any
other information that could be gleened from the scan, and possibly guess
usernames/passwords etc, or use a known Terminal Server vulnerability to
gain access.


        So in short, port forwarding is creating a tunnel from your firewall into
the internal system. Any traffic directed at your firewall on that port will
be transferred directly to the internal system.


Hope this helps,


Steve

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 26, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] internal NAT question




I have situations in which my vpn router is a peer to a proxy server.
The proxy server is the default gateway for the servers behind it.

Therefore I use NAT on the internal interface to force traffic to the
servers
back through the router.

This is approximately the same thing as port forwarding.  Does anyone
know of any security implications in this?

Thanx.



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user





_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to