Date:      Sun, 29 Jul 2001 19:23:13 +0100 (BST)
From:      Gavin Atkinson <gavin@ury.york.ac.uk>
To:        <freebsd-questions@freebsd.org>
Subject:   Natd passing data out on low ports
Message-ID:  <Pine.BSF.4.33.0107291917340.62503-100000@ury.york.ac.uk>


(posting to -questions after no satisfactory reply from UK UG)

Hi,

I currently have a server with two network cards, one is attached to a
private internal network (10.x.x.x) which can see the internet via natd
through the second network card. Natd is started through rc.conf:

(irrelevant lines snipped)
natd_enable="YES"
natd_interface="rl1"

My problem is this:

Users on hosts on the _internal_ network can use rlogin etc. to a host on
the external network, and this connection actually comes from a
privileged port on the box running natd, so it looks like the rlogin came
from the gateway box.  This means that a user with root on an internal box
(or indeed any user on a windows box attached to the internal network) can
spoof an rlogin, rsh etc as if it came from a user on the gateway machine,
and all without leaving a log.

How do I prevent natd from binding outgoing connections to low-numbered
ports? At the moment this seems like a pretty big security hole...

Please note I am not running the rutil servers on the box running natd -
it's more to protect other hosts on the network and the privacy of other
users' accounts.

Thanks,

Gavin
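The trust check that the post is worried about, as an added illustration that is not code from the original message or from FreeBSD's natd/libalias. It models the two conditions a BSD rshd applies before running a command without a password (client source port in 512-1023, plus a .rhosts/hosts.equiv match on the client host and remote user) and shows that a NAT which aliases an internal connection to a privileged port on the gateway's address satisfies both, while one that aliases to ephemeral ports does not. The addresses, the `.rhosts` entry and the `Nat` class's `port_range` knob are all constructed for the example; natd's real port selection policy is not modelled.

```python
"""Toy model of why a NAT gateway that aliases outbound connections to a
privileged source port defeats rsh/rlogin host trust.  Added illustration,
not code from the original post or from FreeBSD's natd/libalias."""

from dataclasses import dataclass, field

# Port window the BSD rshd/rlogind servers accept from a client
# (IPPORT_RESERVEDSTART <= port < IPPORT_RESERVED).
IPPORT_RESERVEDSTART = 512
IPPORT_RESERVED = 1024

GATEWAY_IP = "192.0.2.1"        # constructed: gateway's external (rl1) address
INTERNAL_IP = "10.0.0.5"        # constructed: attacker-controlled internal host
TARGET_IP = "198.51.100.7"      # constructed: external host running rshd


@dataclass
class Nat:
    """Minimal natd stand-in: rewrites the source address to `external_ip` and
    allocates alias ports from `port_range` (a hypothetical knob; real natd's
    port selection is not modelled here)."""
    external_ip: str
    port_range: range
    table: dict = field(default_factory=dict)   # alias_port -> internal (ip, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) the external world sees for this flow."""
        for alias_port in self.port_range:
            if alias_port not in self.table:
                self.table[alias_port] = (src_ip, src_port)
                return self.external_ip, alias_port
        raise RuntimeError("alias port range exhausted")


def rshd_accepts(src_ip, src_port, remote_user, local_user, rhosts):
    """The two checks BSD rshd makes before running a command without a
    password: the client must come from a privileged port (so its OS is
    taken to vouch for `remote_user`), and ruserok() must find the pair
    (client host, remote_user) in local_user's .rhosts / hosts.equiv.
    Hosts are keyed by address here; the real check resolves a hostname."""
    if not (IPPORT_RESERVEDSTART <= src_port < IPPORT_RESERVED):
        return False
    return (src_ip, remote_user) in rhosts.get(local_user, set())


# Constructed trust relationship on the target: user gavin on the gateway
# may run commands as gavin there without a password.
RHOSTS = {"gavin": {(GATEWAY_IP, "gavin")}}


def spoof_attempt(nat):
    """An internal host with root (or any Windows user, who needs no root to
    bind a low port) connects to the target's rshd claiming to be gavin on
    the gateway.  Returns True if rshd would accept the spoofed login."""
    seen_ip, seen_port = nat.outbound(INTERNAL_IP, 1023, TARGET_IP, 514)
    return rshd_accepts(seen_ip, seen_port, "gavin", "gavin", RHOSTS)


if __name__ == "__main__":
    low = Nat(GATEWAY_IP, range(512, 1024))        # aliases to privileged ports
    high = Nat(GATEWAY_IP, range(32768, 65536))    # aliases to ephemeral ports
    print("NAT using privileged alias ports, spoof accepted:", spoof_attempt(low))
    print("NAT using ephemeral alias ports, spoof accepted:", spoof_attempt(high))
```

The first run prints True and the second False: nothing in the rsh protocol distinguishes the gateway's own root from an internal host whose traffic the gateway has rewritten, so the privileged-port rule is only as strong as the NAT's port choice. If the gateway itself never needs the r-commands, an ipfw rule placed after the divert rule that drops outbound TCP on rl1 with a source port in 512-1023 and a destination port in 512-514 closes the hole regardless of how natd chooses ports; that rule is a suggestion, not something the post specifies.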






