Nat network address translation
This presentation is the property of its rightful owner.
Sponsored Links
1 / 20

NAT Network Address Translation PowerPoint PPT Presentation


  • 126 Views
  • Uploaded on
  • Presentation posted in: General

NAT Network Address Translation. Presented by Snoopers Eduardo Segura Shenal Shroff Shinichi Nishiyama Suyou He Thu Nguyen. Agenda. Why NAT? Solution How does it work? Types Possible attacks NAT Pros and Cons Conclusion. Why NAT?. Early ’90s: Signs of IPv4 addresses depleting.

Download Presentation

NAT Network Address Translation

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Nat network address translation

NATNetwork Address Translation

Presented by Snoopers

Eduardo Segura

Shenal Shroff

Shinichi Nishiyama

Suyou He

Thu Nguyen


Agenda

Agenda

  • Why NAT?

  • Solution

  • How does it work?

  • Types

  • Possible attacks

  • NAT Pros and Cons

  • Conclusion


Why nat

Why NAT?

  • Early ’90s: Signs of IPv4 addresses depleting

“The two most compelling problems facing the IP Internet are IP address depletion and scaling in routing. (…)

The address reuse solution is to place Network Address Translators (NAT) at the borders of stub domains.”

K. Egevang, P. Francis

RFC 1631: The IP Network Address Translator

May, 1994


Solution

Solution

  • A mapping: many-to-one

  • Many internal addresses -> one external


How does nat work

How does NAT work?

  • NAT is used to map IP addresses between non-routable private and public addresses.

  • It allows registered public IP addresses to be shared by several hosts on private network.


How does nat work outgoing

How does NAT work? - Outgoing

  • Internal host sends packet

  • NAT box stores:

    • Source IP

    • Source port

    • Destination IP

    • Destination port

  • Then modifies addresses in packet

  • And sends it


How does nat work incoming

How does NAT work? – Incoming

  • External host sends packet

  • NAT box searches stored info

  • The search uses source IP : source port

  • Modifies destination addresses in packet

  • Sends it to internal host


Nat types mapping configuration 1

NAT types: Mapping configuration -1

  • Static NAT: One-to-one mapping between internal and external addresses

  • Dynamic NAT: Mapping internal to external from group of external addresses


Nat types mapping configuration 2

NAT types: Mapping configuration –2

  • Overloading NAT: Mapping multiple internal addresses to single external address with different port #s (known also as PAT).

  • Overlapping NAT: Same range of addresses are used in two different networks.


Nat types 2

NAT Types - 2

  • Behaviors with respect to UDP-based bindings

    • Symmetric

    • Full-cone

    • Restricted-cone

    • Port-restricted-cone

  • The difference lies in how they process responses from external hosts

  • Today, NAT boxes use a mix, dynamically switching between types


Security features

“Security” features

  • NAT hides internal addresses from Internet

  • But it was NOT designed for security

  • Any security is just a side-effect:

    • If packet’s source address not in table {

      drop it; }

  • And this depends on the type of NAT!

    • Ex: “Full cone NAT” allows external packets to go right through, if configured.


Possible attacks to nat

Possible attacks to NAT

  • Assume no non-related attacks:

    • No user-initiated malware

    • No buffer overflows or other hacks

  • Then it is possible to use:

    • Source spoofing

    • Host counting

    • Passive fingerprinting

    • Internal network mapping


Attack to nat source spoofing

Attack to NAT: Source Spoofing

  • An attacker can “inject” packets into the network

  • To do this, he uses a fake source IP address

  • Sometimes, all you need is one packet!

    SQL slammer fits in one UDP packet

  • As long as the source address is in the NAT’s table, it’ll get through


Attack to nat host counting

Attack to NAT: Host Counting

  • Uses IP header “id” field

  • Most implementations just put a counter

  • NAT boxes don’t change it

  • Study gaps in these numbers to determine # of hosts


Attack to nat fingerprinting

Attack to NAT: Fingerprinting

  • Every TCP/IP implementation is different

  • Many issues are left open in RFCs

  • Hence, every TCP/IP stack is unique

  • Different values for: TTL, SEQ, flags, etc.

  • By carefully studying these differences, it is possible to identify the OS!


Attack to nat network mapping

Attack to NAT: Network Mapping

  • Technique uses “ICMP TTL Exceeded” messages

  • Attacker injects packets with low TTL values

  • Internal routers generate TTL exceeded replies

  • Attacker uses these messages to carefully map the internal network!


Nat pros and cons

NAT pros and cons

  • NAT provides a short-term solution to the shortage of IPv4 addresses

  • But it is NOT a firewall.

    Clever attackers can obtain information anyway

  • In addition, it breaks other protocols

    • IP addr. info in payload

    • Incompatibility between IPsec AH and NAT

  • Can become a management nightmare

  • Hides source of attack, if internal


  • Conclusion

    Conclusion

    • Dynamic NAT is natural firewall between private network and public networks/Internet. NAT is not a firewall.

    • NAT is for reusing IP addresses. Hosts in private network can share limited public IP addresses.

    • NAT breaks end-to-end connectivity model. Solution: ALG

    • NAT is not secure. NAT will leak information


    References

    References

    • Jeff Tyson, How Network Address Translation Workshttp://computer.howstuffworks.com/nat.htm

    • RFC 1631 - The IP Network Address Translator (NAT) http://www.rfc-editor.org/rfc/rfc1631.txt

    • RFC1918 - Address Allocation for Private Internets

      http://www.rfc-editor.org/rfc/rfc1918.txt

    • Lisa Phife, The Trouble with NAT

      http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html

    • Geoff Huston, Anatomy: A Look Inside Network Address Translators http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-3/anatomy.html

    • RFC 3022 - Traditional IP Network Address Translator

    • RFC 3489 - STUN - Simple Traversal of UDP Through NATs


    And that s it

    And that’s it!


  • Login