Check out the articles on SANS regarding egress filtering. Basically, you
want to make sure you are one step ahead of attackers using spoofed IP
addresses.
Google search for:
site:sans.org "egress filtering"
This one has a couple walkthrough scenarios for ipchains, Firewall-1, and
Cisco routers:
http://www.sans.org/y2k/egress.htm
Hope this helps,
Glenn
-----Original Message-----
From: Schuler, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 10:17 AM
To: [EMAIL PROTECTED]
Subject: Network Address Translation insecurities
I am looking for information regarding the insecurities and vulnerabilities
that exist in Network Address Translation. One of our admins feels that
because everything is NAT'd that there is no way anyone can break into the
systems that are NAT'd. I know that this is not a completely accurate
statement but need to find some research and documentation regarding this.
All our systems are behind at least one firewall so please don't advise me
to install a firewall as extra security as they are already there. I just
want to make sure that we are not overlooking serious vulnerabilities just
because the box is behind a NAT. In order to justify doing vulnerability
testing on some of our internal systems I need to demonstrate the
insecurities in NAT.
Thanks in advance
Jeff Schuler
