NAT Attack presented at Hacktivity 2012

by Sándor Nagy

Tags: Security

Summary: "In the case of online attacks, an essential requirement on the attacker's side is to hide the attacker's source IP. IP spoofing looks like an obvious solution but cannot be used for sophisticated attacks for a very simple reason: the reply packets are delivered to the spoofed IP, not to the attacker's node, which makes even a simple TCP handshake impossible.
This talk describes an IP spoofing variant, the so-called NAT attack, that solves the reply packet issue with the following features:
The communication between the target and attacker nodes is based on spoofed IPs.
Although spoofed IPs are used, a TCP connection can be established and used.
The IP that hides the attacker is not a proxy IP. The spoofed IP can be anything that complies with the attack's technical requirements.
The attack needs the manipulation of a network router, but the device can be anywhere on the Internet. Being on the path between the attacker and the target is not a requirement.
This talk presents the concept of the attack, describes and analyses a proof-of-concept configuration, and, based on the author's measurements, investigates the vulnerabilities of the Internet router architecture and the possibility of taking over network routers' control."