# What is BNAT?

BNAT (Broken NAT) is the name given to IP communication that is being improperly NAT'd, creating an inoperable communication channel. A common example of BNAT is found in asymmetric routing, where we (intentionally or unintentionally) create a logical layer 3 loop in a TCP/IP session between a client and a server. This is commonly found in complex routing scenarios, or in situations where mistakes are "corrected" to make something work without understanding or caring about the actual flow of traffic.

## Very Basic Example...

```
.1 ----SYN-----> .2   (.1 is the client and starts a session with a SYN to .2)
.1 <--SYN/ACK--- .3   (.3 responds to .1 with the SYN/ACK)
.1 ----RST-----> .3   (.1 responds to .3 with a RST)
```

# Why does BNAT matter?

BNAT effectively hides TCP ports from being identified by modern TCP clients and port scanning utilities like NMAP. With the right tools, you can identify ports that would otherwise be reported as closed/filtered, and those ports can then be converted into legitimate open ports.

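The following is an added example and is not part of BNAT-Suite. It shows how a defender can spot the asymmetric handshake from the basic example above in a connection log: a SYN sent to one address/port is answered by a SYN/ACK from a different address or port. The log format and the addresses are constructed for the example; a real deployment would feed it records parsed from a pcap or flow export instead.

```ruby
# Added example (not BNAT-Suite code): flag BNAT-style asymmetric replies in
# a simplified packet log. The signature is the one in the README's basic
# example: SYN goes to .2, SYN/ACK comes back from .3.

# Constructed sample records, one packet per line, in the form
#   "<src>:<sport> > <dst>:<dport> <flags>"
# Session 40001 is a normal handshake. Session 40002 is BNAT'd: the SYN/ACK
# arrives from 10.0.0.3, and the client's OS answers it with a RST (the RST
# that the README's iptables rule suppresses on the scanning host).
# Session 40003 never gets a reply and is simply filtered/closed.
SAMPLE_LOG = <<~LOG
  10.0.0.1:40001 > 10.0.0.2:22 S
  10.0.0.2:22 > 10.0.0.1:40001 SA
  10.0.0.1:40001 > 10.0.0.2:22 A
  10.0.0.1:40002 > 10.0.0.2:80 S
  10.0.0.3:80 > 10.0.0.1:40002 SA
  10.0.0.1:40002 > 10.0.0.3:80 R
  10.0.0.1:40003 > 10.0.0.2:443 S
LOG

Packet = Struct.new(:src, :sport, :dst, :dport, :flags)

LINE_RE = /\A(\S+):(\d+) > (\S+):(\d+) ([SAFRPU]+)\z/

# Parse one log line into a Packet; raise on anything that does not match.
def parse_packet(line)
  m = LINE_RE.match(line.strip) or raise ArgumentError, "unparseable line: #{line.inspect}"
  Packet.new(m[1], m[2].to_i, m[3], m[4].to_i, m[5])
end

# Returns one finding per client socket whose SYN went to address A:port P
# but whose SYN/ACK came from a different address or port. Sessions that
# complete normally, or that never receive a SYN/ACK, are not reported.
def find_bnat_sessions(log)
  pending = {}   # [client, sport] => [intended server address, intended port]
  findings = []
  log.each_line do |line|
    next if line.strip.empty?
    pkt = parse_packet(line)
    case pkt.flags
    when 'S'
      pending[[pkt.src, pkt.sport]] = [pkt.dst, pkt.dport]
    when 'SA'
      intended = pending[[pkt.dst, pkt.dport]]
      next unless intended   # SYN/ACK for a SYN we never saw; ignore
      if intended != [pkt.src, pkt.sport]
        findings << { client: pkt.dst, sport: pkt.dport,
                      syn_to: intended[0], syn_port: intended[1],
                      synack_from: pkt.src, synack_port: pkt.sport }
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  find_bnat_sessions(SAMPLE_LOG).each do |f|
    puts "BNAT: #{f[:client]}:#{f[:sport]} sent SYN to #{f[:syn_to]}:#{f[:syn_port]}, " \
         "SYN/ACK came from #{f[:synack_from]}:#{f[:synack_port]}"
  end
end
```

Run against the sample log this reports exactly one session (client port 40002). A stock scanner sees the same session as filtered or closed, because it does not associate the SYN/ACK from 10.0.0.3 with the SYN it sent to 10.0.0.2; matching on the client's own socket instead of on the server address is what makes the hidden port visible.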
# Check out my Presentation

DEFCON Skytalks: http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken-communication-channels

# Video Demos

BNAT-Scan: http://www.youtube.com/watch?v=8Um1cJswCeM (BNAT-Scan compared to NMAP -sS Scan)

BNAT-Router: http://www.youtube.com/watch?v=C8zv10VHyUg (BNAT-Router handling BNAT'd SSH Session)

BNAT in Metasploit: http://www.youtube.com/watch?v=FS_cg1PVhkI (Using BNAT msf auxmods to exploit Tomcat)

# Blog Posts

Metasploit Blog - A Tale From Defcon and the Fun of BNAT

https://community.rapid7.com/community/metasploit/blog/2011/08/26/a-tale-from-defcon-and-the-fun-of-bnat

Spiderlabs Blog - Advanced BNAT in the Wild

http://blog.spiderlabs.com/2011/09/advanced-bnat-broken-network-address-translation-in-the-wild.html

Phocean Blog - BNAT

http://www.phocean.net/2011/09/13/bnat.html

# Native Setup on BT5

## Prep the System

Install the gems, then drop outbound RSTs. The iptables rule is needed because the kernel knows nothing about the sessions BNAT-Suite builds from user space and would otherwise answer their SYN/ACKs with a RST of its own (the RST shown in the basic example above), tearing the session down.

```
gem install pcaprub packetfu netaddr progressbar
iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
```

## Check out BNAT-Suite

```
git clone https://github.com/claudijd/BNAT-Suite.git
```

# MSF Setup on BT5

## Prep the System

```
iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
```

## Check out BNAT-Suite

```
cd /pentest/exploits/framework3/
svn update
```