From: istong@stong.org
Date: Tue Oct 10 2006 - 13:10:21 ART
NAT will "hide" your inside IP's if doing PAT by making them
all appear as coming from one external IP. But if you are
hosting services you will have to do some static type MATing
of course. This then opens up subsequent inbound access to
the IP's/Ports you have open. The fact that you are NAT'ing
your inside private IP to an outside public IP doesn't
really buy you anything in and of itself if you are static
NAT'ing. There are advantages of using NAT but it's more a
function of what the firewall is doing versus what NAT is
doing for you.
Hope that helps
> Abel, If NAT is implemented will it avoid some of these
> issues like...
>
> Ex:- A HOME wireless router.. The Outside fellow can come
> to the WAN port to the Cable Modem. After that he does not
> know the inside Private IPS...
>
>
> On 10/10/06, Abel Aberra <aaberra@gmail.com> wrote:
> >
> > Completley off topic here...
> >
> > Curt, the spoofed IPs are not really meant to be used
> > for any purpose other
> > than to confuse the firewall/IDS so that it can't tell
> > who is actually performing the scan, so it can block it.
> > Also remember that a port-scan can
> > be done over a long period of time, such that
> > IDS/Firewall countermeasures wouldn't realize what was
> > happening. Most of the time a port scan is the first
> step in reconnaissance on a specific host that you want to
> > attack, not
> > the actual attack itself. Remember also that there is a
> > psychology to the whole thing. A network of bots can be
> > setup to perform a port scan on one host on a network to
> > keep the security staff busy trying to figure out who is
> doing the scan, while another real attack is taking place
> > on a different
> > host.
> >
> > One thing to always remember is for any defense there is
> > an offense. You're
> > never completely safe abstinence from the Internet is
> > the only sure countermeasure ;-).
> >
> > -Abel
> >
> > On 10/9/06, Brian McGahan
> > <bmcgahan@internetworkexpert.com> wrote: >
> > > That's why you configure an exception list to
> > > specify which hosts cannot be shunned. Granted the
> > > configuration may be excessive but you can still build
> > > a stable configuration to get around the design
> > problem you mentioned if you take the time. >
> > >
> > > HTH,
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987 x 705
> > > Outside US: 775-826-4344 x 705
> > > 24/7 Support: http://forum.internetworkexpert.com
> > > Live Chat: http://www.internetworkexpert.com/chat/
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com] On Behalf Of
> > > > Rodrigo Paes
> > > > Sent: Monday, October 09, 2006 6:12 PM
> > > > To: security@groupstudy.com; ccielab@groupstudy.com
> > > > Subject: Re: port scan
> > > >
> > > > I always though of shunning features as a shot in
> > > > the foot... imagine if someone does a port scan
> > > > using ... lets say... the DNS root servers ip
> addresses, or some other IP they know its heavily used....
> > > > it's a great DoS attack :D
> > > >
> > > > my 2cc
> > > >
> > > > []s
> > > > Rodrigo Paes
> > > > CCIE #14054 (R&S and SP)
> > > >
> > > >
> > > > On 10/9/06, ccie4u <sales@ccie4u.com> wrote:
> > > > > A port scan is as it sounds - someone is using a
> > > tool or utility to scan
> > > > > your IP to see what ports are listening and
> > > responding. This provides
> > > > them
> > > > > information on what ports and services you have
> > > running. They can then
> > > > > tailor an attack to those specific ports. You
> > > can't really stop someone
> > > > > from scanning your ports unless you have some
> > > software or hardware that
> > > > does
> > > > > intrusion detection.
> > > > >
> > > > > With some intrusion detection hardware and
> > > > software applications, it will
> > > > > detect a port scan and temporarily or permanently
> > > block all traffic from
> > > > > that source IP address. Of course if they are
> > > spoofing their source IP
> > > > > address it won't be all that effective.
> > > > >
> > > > >
> > > > > Hope that helps.
> > > > >
> > > > > Ian
> > > > > www.ccie4u.com
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com] On Behalf Of
> > > > 2nd
> > > > > CCIE
> > > > > Sent: Saturday, September 23, 2006 3:50 AM
> > > > > To: security@groupstudy.com;
> > > > > ccielab@groupstudy.com Subject: port scan
> > > > >
> > > > > Folks ;
> > > > > I am trying to know more about port scan attack
> > > ..i have not find a
> > > > good
> > > > > source so far ..no much posts in this list about
> > > > this type of attack >
> > > > > can someone give some input or link about port
> > > > > scan and methods of stopping it ?
> > > > >
> > > > > appreciate in advance
> > > > >
> > > > >
> > > > >
> > > > > ---------------------------------
> > > > > All-new Yahoo! Mail - Fire up a more powerful
> > > email and get things done
> > > > > faster.
> > > > >
> > > > >
> > >
> __________________________________________________________
> > > > > _____________ Subscription information may be
> > > > > found at:
> http://www.groupstudy.com/list/CCIELab.html >
> >
> __________________________________________________________
> > _____________ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________________
> _____________ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
_________________________________________
Check your Email accounts at MyEmail.com
Login from home, work, school. Anywhere!
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART