oriolrius.cat

Sharing since 2000 about…

Netfilter NAT Vulnerability


I had no idea, but while reading SecurityFocus I came across
this vulnerability; in fact, it is nothing out of this world either.

Anyway, here is a description of the bug:

It is possible for a remote user to discover ports on a firewall that are
mapped to systems behind the firewall via NAT. By sending a TCP packet to a
port on a system with a TTL less than the total amount of hops to the firewall,
when the packet is routed to the host via NAT, an ICMP TTL Expired response will
be generated. This response, generated by the host at the end of the NAT rule,
will not be translated by the NAT system.

In fact there is no fix yet, but Red Hat proposes this
workaround:

    iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP

Well, this just shows that nothing is perfect…
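
Added example, not part of the original post or the advisory: a Python check for the leak described above, intended for packets captured leaving the firewall's external interface, for instance to confirm that the workaround holds. It assumes internal hosts use RFC 1918 addresses and that the untranslated reply shows up as an ICMP Time Exceeded message carrying such an address as its source or in the quoted original datagram; all function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Assumption: internal hosts sit in RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    return any(addr in net for net in RFC1918)

def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), or None if pkt is not a usable IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    return (ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20]),
            pkt[9], pkt[ihl:])

def find_leak(pkt):
    """Inspect one outbound packet; return leaked internal addressing or None."""
    outer = parse_ipv4(pkt)
    if outer is None or outer[2] != 1:               # protocol 1 = ICMP
        return None
    src, _, _, icmp = outer
    if len(icmp) < 8 or icmp[0] != 11:               # type 11 = Time Exceeded
        return None
    inner = parse_ipv4(icmp[8:])                     # quoted original datagram
    seen = [src] + ([inner[1]] if inner else [])
    leaked = sorted({str(a) for a in seen if is_internal(a)})
    if not leaked:
        return None
    port = None
    if inner and inner[2] == 6 and len(inner[3]) >= 4:   # quoted TCP header
        port = struct.unpack("!H", inner[3][2:4])[0]     # destination port probed
    return {"internal": leaked, "probed_port": port}

# Constructed samples (documentation and RFC 1918 addresses, not captured traffic).
PROBE = build_ipv4("198.51.100.7", "203.0.113.1", 6, struct.pack("!HHI", 40000, 8080, 0), ttl=1)
ICMP_HDR = struct.pack("!BBHI", 11, 0, 0, 0)
LEAKY = build_ipv4("10.0.0.5", "198.51.100.7", 1, ICMP_HDR + PROBE)     # untranslated source
CLEAN = build_ipv4("203.0.113.1", "198.51.100.7", 1, ICMP_HDR + PROBE)  # public source only

if __name__ == "__main__":
    print(find_leak(LEAKY), find_leak(CLEAN))
```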
