[e2e] Re: NAT usage at large companies

RJ Atkinson rja at extremenetworks.com
Fri Oct 18 14:41:44 PDT 2002

On Friday, Oct 18, 2002, at 12:13 America/Montreal, 
davide+e2e at cs.cmu.edu wrote:
> An approach which (say) moves a machine from vulnerabilities
> exploitable by script kiddies to vulnerabilities exploitable only
> by "professionals" is *some* increase in security.

Unfortunately, deployment of NAT by itself does not generally provide
the level of protection increase that you outline above.  This has
at least been pretty widely understood within the IETF Security Area.

>> It is generally possible for an attacker to piggyback network
>> attacks on sessions for which NAT session state predictably
>> exists.  Users are often surprised at how predictable such session
>> state happens to be.
> I would be surprised to learn of such state exploitable by cookbook
> crack scripts.  Either way, I (and, I suspect, other members of
> the list) would be interested in any pointers you might have to
> descriptions of exploiting predictable session state.

It is time to be surprised then.  And sorry to be frustrating,
but I never discuss the details of specific attack vectors.


More information about the end2end-interest mailing list