Date: Sun, 29 Jul 2001 19:23:13 +0100 (BST)
From: Gavin Atkinson <gavin@ury.york.ac.uk>
To: <freebsd-questions@freebsd.org>
Subject: Natd passing data out on low ports
Message-ID: <Pine.BSF.4.33.0107291917340.62503-100000@ury.york.ac.uk>
(posting to -questions after no satisfactory reply from UK UG)

Hi,

I currently have a server with two network cards, one is attached to a private internal network (10.x.x.x) which can see the internet via natd through the second network card. Natd is started through rc.conf: (irrelevant lines snipped)

natd_enable="YES"
natd_interface="rl1"

My problem is this: Users on hosts on the _internal_ network can use rlogin etc. to a host on the external network, and this connection actually comes from a privileged port on the box running natd, so it looks like the rlogin came from the gateway box. This means that a user with root on an internal box (or indeed any user on a windows box attached to the internal network) can spoof an rlogin, rsh etc. as if it came from a user on the gateway machine, and all without leaving a log.

How do I prevent natd from binding outgoing connections to low-numbered ports? At the moment this seems like a pretty big security hole...

Please note I am not running the rutil servers on the box running natd - it's more to protect other hosts on the network and the privacy of other users' accounts.

Thanks,
Gavin
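As an added example, not part of Gavin's post or of FreeBSD's natd, here is the kind of check a gateway admin could run over firewall logs to spot the condition described: NAT'd connections leaving the external interface from a privileged source port (below 1024) towards the r-services ports that rlogind/rshd trust on the basis of that source port. The ipfw-style log lines, the interface name `rl1` and the addresses are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed ipfw-style log lines (not a real capture). 198.51.100.1 plays
# the gateway's external address on rl1; 203.0.113.x are external hosts.
SAMPLE_LOG = """\
ipfw: 00100 Accept TCP 198.51.100.1:1022 203.0.113.7:513 out via rl1
ipfw: 00100 Accept TCP 198.51.100.1:49152 203.0.113.7:80 out via rl1
ipfw: 00100 Accept TCP 198.51.100.1:1010 203.0.113.9:514 out via rl1
ipfw: 00100 Accept TCP 198.51.100.1:40000 203.0.113.9:22 out via rl1
ipfw: 00100 Accept TCP 203.0.113.7:2000 198.51.100.1:25 in via rl1
"""

LINE_RE = re.compile(
    r"ipfw: \d+ (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

# The BSD r-services: exec (512), login (513), shell (514). Their daemons
# treat a client source port in 512..1023 as evidence of a root-controlled
# origin, which is exactly what a NAT that hands out low ports undermines.
R_SERVICE_PORTS = {512: "exec", 513: "login", 514: "shell"}
PRIVILEGED_MAX = 1023


def parse_line(line: str) -> Dict[str, str]:
    """Split one ipfw log line into its fields; empty dict if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else {}


def source_port_is_trusted(sport: int) -> bool:
    """True if an r-service daemon would regard this source port as privileged."""
    return 512 <= sport <= PRIVILEGED_MAX


def find_low_port_rservice_flows(log_text: str, ext_iface: str = "rl1") -> List[Dict[str, str]]:
    """Return outbound TCP flows on ext_iface whose source port is privileged
    and whose destination is an r-service port: the spoofable case."""
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f["proto"] != "TCP" or f["dir"] != "out" or f["iface"] != ext_iface:
            continue
        sport, dport = int(f["sport"]), int(f["dport"])
        if source_port_is_trusted(sport) and dport in R_SERVICE_PORTS:
            f["service"] = R_SERVICE_PORTS[dport]
            hits.append(f)
    return hits
```

Each hit is a connection that a remote rlogind or rshd would attribute to a root-controlled process on the gateway, although it originated on an internal host.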