[Dshield] Request for Information re: Linksys Router Logging and Dshield Submissions

Mark Tombaugh mtombaugh at alliedcc.com
Thu Oct 16 21:53:35 GMT 2003


On Thursday 16 October 2003 12:23 pm, John Holmblad wrote:
>  In general it would appear that the only vulnerability of a NAT/PAT
> router without any mapping of incoming connections to available
> services, would be the case of "session hijacking" where an attacker,
> using a "man in the middle" attack, is able to take over an open
> "transaction query response pair", say of a UDP based service on the LAN
> that is awaiting a UDP response from the Internet side of such a
> session. 

Keep in mind that a router or firewall that does not perform outbound packet 
filtering, even with zero static nat or pat entries and no inbound ports 
open, still leaves you vulnerable to backdoors. If an intruder was able to 
get an executable running on your system, through whatever means necessary, 
the executable could establish the connection to any machine that it had a 
route to. Even worse, in most cases the router would not log any of it.

-- 
   Mark Tombaugh <mtombaugh at alliedcc.com>
   Allied Computer Corporation <http://www.alliedcc.com>
   USiHOST, iNC. <http://www.usihost.com>




More information about the list mailing list