Message-ID: <422247FC.6050606@cis.strath.ac.uk>
Date: Sun, 27 Feb 2005 22:21:48 +0000
From: Chris Hodgins
To: Stevan Tiefert
cc: freebsd-questions@freebsd.org
Subject: Re: security without NAT?
References: <20050227223559.I11345@mail.rot-1.de>
In-Reply-To: <20050227223559.I11345@mail.rot-1.de>

Stevan Tiefert wrote:
> Hello list,
>
> I have a thinking problem... If workstations in a private network have set
> up a gateway, but the gateway has no NAT daemon running, are the
> workstations not able to be attacked? What happens if these workstations
> behind this gateway are serving unprotected services (like shares on
> Windows XP Home Edition which are NOT password protected), are they also
> not able to be attacked?
>
> I understand that if these workstations want to request answers from
> outside the private network, they never get answers, but is it possible
> to see and attack these workstations from outside?
>
> With regards
> Stevan Tiefert
>

Well I just hope that you really locked down that gateway. :)

You have a few probs here:
1) Your gateway is hijacked, leaving your unprotected boxes at the attacker's mercy. Block everything.
2) Your unprotected machines are not up-to-date and by connecting to a dodgy public service something nasty is installed. Say IE flaw for example.
3) You are running a wireless access point. Game over! :)

There are probably more but those are some of the main problems.

In general you are probably going to be ok as long as your gateway is locked down, and if you run a WAP make sure it is also as secure as possible. It is still a risk though!

HTH

Chris