I'll answer this by posting a snippet from a post Anders Pettersson made to this list just over a month ago (08-14-2002 in US date notation):
---- It can not be stressed enough that NAT alone is _no protection at all_, there must be some filtering or you are running wide open looking for trouble. By adding a route to the network you can directly reach the machines from outside the NAT box, something like[1] # route add -net 192.168/16 gw 123.123.123.123 would do. Then just ping around to find what hosts are alive... It is raining on the Internet. Don't leave your house with the windows open... [1] Assuming the corporate LAN uses 192.168.0.0--192.168.255.255 as their internal addresses and the gateways external IP is 123.123.123.123. ---- In other words, NAT gains you pretty much nothing for security. The existance of your network behind a NATting device might not be immediately obvious to someone scanning from the outside, but anyone watching traffic from your NAT device will be able to figure out pretty easily that there is a network behind that one IP address, and if they care to probe to see what is there, the NAT does not do much to protect the network. Randy Graham -----Original Message----- From: Schuler, Jeff [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 25, 2002 1:17 PM To: [EMAIL PROTECTED] Subject: Network Address Translation insecurities I am looking for information regarding the insecurities and vulnerabilities that exist in Network Address Translation. One of our admins feels that because everything is NAT'd that there is no way anyone can break into the systems that are NAT'd. I know that this is not a completely accurate statement but need to find some research and documentation regarding this. All our systems are behind at least one firewall so please don't advise me to install a firewall as extra security as they are already there. I just want to make sure that we are not overlooking serious vulnerabilities just because the box is behind a NAT. In order to justify doing vulnerability testing on some of our internal systems I need to demonstrate the insecurities in NAT. Thanks in advance Jeff Schuler