Re: security without NAT?

From: Chris Hodgins (chodgins_at_cis.strath.ac.uk)
Date: 02/27/05

  • Next message: Ken Hawkins: "Re: complete rookie sendmail question" 
    Date: Sun, 27 Feb 2005 22:21:48 +0000
To: Stevan Tiefert <stevan@rot-1.de>

    Stevan Tiefert wrote:
    > Hello list,
    >
    > I have a thinking problem... If workstations in a private network have set
    > up a gateway, but the gateway has no NAT-deamon running, are the
    > workstations not able to be attacked? What happens if these workstations
    > behind this gateway are serving unprotected services (like shares on
    > Windows XP Home Edition which are NOT password protected), are they also
    > not be able to be attacked?
    >
    > I understand that if these workstations wants to request answers from
    > outside the private network are never getting answers, but is it possible
    > to see and attack theses workstations from outside?
    >
    > With regards
    > Stevan Tiefert
    >
    > _______________________________________________
    > freebsd-questions@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
    >

    Well I just hope that you really locked down that gateway. :) You have
    a few probs here:

    1) Your gateway is hijacked leaving your unprotected boxes at the
    attackers mercy. Block everything

    2) Your unprotected machines are not up-to-date and by connecting to a
    dodgy public service something nasty is installed. Say IE flaw for example.

    3) You are running a wireless access point. Game over! :)

    There are probably more but those are some of the main problems. In
    general you are probably going to be ok as long as your gateway is
    locked down and if you run a WAP make sure it is also as secure as
    possible. It is still a risk though!

    HTH
    Chris
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

  • Next message: Ken Hawkins: "Re: complete rookie sendmail question"

    Relevant Pages

    • Re: Suggest firewall for Win98se+ICS(dialup)+NAV
      ... > gateway for a peer-to-peer LAN with two workstations behind it? ... > Whatever software firewall you select should be capable of at least using ... There are no apps at all on the box I'm building for the client ...
      (comp.security.firewalls)
    • Re: Suggest firewall for Win98se+ICS(dialup)+NAV
      ... gateway for a peer-to-peer LAN with two workstations behind it? ... use some sort of software firewall, e.g., SPF, as a network gateway ... to install some log analyzers on whatever PSF you install on the gateway ...
      (comp.security.firewalls)
    • security without NAT?
      ... If workstations in a private network have set ... up a gateway, but the gateway has no NAT-deamon running, are the ... to see and attack theses workstations from outside? ...
      (freebsd-questions)
    • Re: Help! W2003 & LinkSys WRT54G & cant get shared Internet Connection
      ... Clients are setup for obtain DNS and DCHP automatically - I thought ... that would also assign a default gateway - but default gateway appears ... I tried it gateway set with the LinkSys static IP as that's what I ... > What do the workstations have set as their default gateway and are they ...
      (microsoft.public.windows.server.networking)
    • Re: Can see the LAN, but not the internet
      ... When you ping you get the "Just 'request timed out". ... As i mentioned before, when you use ipconfig/all "all the dns, gateway, ... subnet, etc is all the same except the ip for the individual workstations, ... > You're using DHCP, right? ...
      (microsoft.public.windowsxp.network_web)