
piercing ipmasq

This message could just as easily be posted in debian-firewall but I'm
no longer subscribed there. ;p

I've been wanting to poke at the ipchains ruleset in ipmasq for
some time. It looks pretty tight to me, but one of the things I would
like to test is sneaking certain ICMP pkts from external (Internet) to
internal. So here is the scenario:

--------        oo      oo       ---------- /
| evil |       o          o      |        |/
| host |-------  Internet o------|firewall|---
|      |       o  cloud   o      |        |\
--------        oo      oo       ---------- \----------
                  oooooo                     |        |
                                             | target |
                                             |  host  |

So I am trying to poke through from evil host and my target is target
host. Notice that target host has a non-routable address. So my
question is:

How can I formulate my ICMP packet at evil host s.t. it may get to
target host? I can't just put target host's IP address in the DEST
field because it will never be able to travel the Internet due to the
non-routable DEST address. Is this a job for src routing? Is there
some other way to handle this?

I didn't mention this, but I am assuming that the firewall itself is
secure. Meaning user@evilhost cannot install netcat or some other
method of port-forwarding and no ipmasqadm rules have been applied on
the firewall. 

Nathan Valentine - nathan@uky.edu
AIM: NRVesKY ICQ: 39023424
