piercing ipmasq
This message could just as easily be posted in debian-firewall but I'm
no longer subscribed there. ;p
I've been wanting to poke at the ipchains ruleset in ipmasq for
some time. It looks pretty tight to me, but one of the things I would
like to test is sneaking certain ICMP pkts from external (Internet) to
internal. So here is the scenario:
                     oooooo
--------           oo      oo       ----------  /
| evil |          o          o      |        |/
| host |-------   Internet   o------|firewall|---
|      |          o  cloud   o      |        |\
--------           oo      oo       ---------- \----------
                     oooooo                     |        |
                                                | target |
                                                |  host  |
                                                ----------
                                               192.168.2.54
So I am trying to poke through from evil host and my target is target
host. Notice that target host has a non-routable address. So my
question is:
How can I formulate my ICMP packet at evil host s.t. it may get to
target host. I can't just put target host's IP address in the DEST
field because it will never be able to travel the Internet due to the
non-routable DEST address. Is this a job for src routing? Is there
some other way to handle this?
I didn't mention this, but I am assuming that the firewall itself is
secure. Meaning user@evilhost cannot install netcat or some other
method of port-forwarding and no ipmasqadm rules have been applied on
the firewall.
--
---
Nathan Valentine - nathan@uky.edu
AIM: NRVesKY ICQ: 39023424