BNAT Hijacking: Repairing Broken Communication Channels

•Download as PPTX, PDF•

2 likes•2,211 views

The document discusses breaking and hijacking broken communication channels using Broken NAT Traversal (BNAT). It describes how BNAT works, developing tools to identify and attack BNAT sessions. The presentation demonstrates using BNAT-SCAN to discover hidden services and BNAT-ROUTER to hijack the newly discovered service and intercept communication. The conclusion discusses understanding gaps in security that allow such attacks and recommendations to close vulnerabilities.

Technology Education

BNAT Hijacking Repairing Broken Communication Channels Jonathan Claudius Rio Hotel and Casino August 5th, 2011 DefconSkytalk 2011 Security Begins with Trust

AGENDA Introduction What & How of BNAT BNAT Handshake/Hijack Demo of BNAT-Suite Finding BNAT (Active Identification) Attacking BNAT (Hijack BNAT Session) Conclusions

BNAT: The What? DST: 1.1.2.1 SRC: 1.1.2.2 Client “Cloud”

BNAT: The How? “On a Stick” Firewall 1.1.2.1 DNAT SNAT 1.1.2.2 Server Client

BNAT: The How? “A Loop” Firewall DNAT 1.1.2.1 Server Client Router 1.1.2.2 SNAT

The Bottom Line Outside view is the same… BNAT Loop ~= BNAT on a Stick …but both are still broken

BNAT Handshake Idea What if I could complete the TCP Handshake?

BNAT Handshake Idea What would it take? Stop “RST” Packet Accept “SYN/ACK” Send “ACK”

Tools Ruby Packetfu Gem Created by TodBeardsley (@todb) Used by MetasploitFramework IPTables Program to configure Linux Kernel Firewall

#1: Stop the “RST” IPTables can do this quite easily… iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP No more RST 

$#2: Accept “SYN/ACK” Capture “SYN/ACK” Code cap = PacketFu::Capture.new(:iface => ARGV[0], :start => true, :filter => "tcp and src 1.1.2.2 and dst1.1.2.3") loop {cap.stream.each{ |pkt| packet = PacketFu::Packet.parse(pkt) if packet.tcp_flags.syn == 1 and packet.tcp_flags.ack == 1 puts "got the syn/ack“ end } }$

#3: Send“ACK” Build and Send “ACK” Code ackpkt = TCPPacket.new ackpkt.ip_saddr=synackpkt.ip_daddr ackpkt.ip_daddr="1.1.2.2“ ackpkt.eth_saddr="00:0c:29:af:cc:63“ ackpkt.eth_daddr="00:11:93:d0:e9:e0“ ackpkt.tcp_sport=synackpkt.tcp_dport ackpkt.tcp_dport=synackpkt.tcp_sport ackpkt.tcp_flags.syn=0 ackpkt.tcp_flags.ack=1 ackpkt.tcp_ack=synackpkt.tcp_seq+1 ackpkt.tcp_seq=synackpkt.tcp_ack ackpkt.tcp_win=183 ackpkt.recalc injack = PacketFu::Inject.new(:iface => ARGV[0]) injack.a2w(:array => [ackpkt.to_s]) puts "sent the ack"

End Result OUTSIDE INSIDE Firewall DNAT 1.1.2.1 SYN SYN SYN/ACK SYN/ACK Server Client ACK ACK 1.1.2.2 SNAT Router

BNAT Hijacking Idea What if I could weaponize this to do more?

BNAT-Suite I built some tools to help… BNAT-PCAP (Offline PCAP Analysis Tool) BNAT-SCAN (Active Scanning Tool) BNAT-ROUTER (Hijacking Router)

DEMO #1: Find BNAT bnat-scan.rb Perspective: External Penetration Test Discover the hidden service

DEMO #2: Attack BNAT bnat-router.rb Perspective: External Penetration Test Use the newly discovered service

End Result OUTSIDE INSIDE Firewall DNAT 1.1.2.1 B-Router SYN SYN SYN/ACK SYN/ACK Server ACK ACK 1.1.2.2 SNAT Router Client

Conclusions Understand the Gaps… Port/Vulnerability Scanners Dynamic Routing Vendor Limitations/Recommendations Incomplete NAT/SPI Implementations Security vs. Networking  Order & Flow Matter!!!

What's Next? Add support for… IPv6 BNAT UDP BNAT IP + Port TCP BNAT IP + Seq TCP BNAT IP + Port + Seq TCP BNAT

Some Info/Ref… Where to get this code? https://github.com/claudijd/BNAT-Suite How to find me? Name: Jonathan Claudius City: Chicago, IL Email: jclaudius@trustwave.com Twitter: @claudijd References http://code.google.com/p/packetfu/ http://www.netfilter.org/ http://blog.thc.org/index.php?/archives/2-Port-Scanning-the-Internet.html http://en.wikipedia.org/wiki/Iptables http://en.wikipedia.org/wiki/Network_address_translation http://en.wikipedia.org/wiki/Transmission_Control_Protocol https://cocktails365.files.wordpress.com/2010/04/barnapkin.jpg

Similar to BNAT Hijacking: Repairing Broken Communication Channels

Layer one 2011-gh0stwood-d-dos-attacks

fangjiafu

WebRTC gives us a way to do real-time, peer-to-peer communication on the web. In this talk, we'll go over the current state of WebRTC (both the awesome parts and the parts which need to be improved) as well as what could come in the future. Mostly though, we'll take a look at how to combine WebRTC with other web technologies to create great experiences on the front-end for real-time, p2p web apps.

WebRTC: A front-end perspective

shwetank

Of the variedtypes of IPC, sockets arout and awaythe foremostcommon. On any given platform, there arprobably to be differenttypes of IPC that arquicker, except for cross-platform communication, sockets arregardingthe sole game in city. They were fancied in Berkeley as a part of the BSD flavor of UNIX operating system. They unfold like inferno withthe web. With sensible reason — the mixture of sockets with INET makes reprehensionabsolute machines round the world incrediblystraightforward (at least compared to different schemes). Creating a Socket Roughly speaking, once you clicked on the link that brought you to the current page, your browser did one thingjust like the following: #create Associate in Nursing INET, STREAMing socket s = socket.socket( socket.AF_INET, socket.SOCK_STREAM) #now connect withthe net server on port eighty # - the traditionalcommunications protocol port s.connect((\"www.mcmillan-inc.com\", 80)) When the connect completes, the socket s may beaccustomedsend outa call for participation for the text of the page. a similar socket canbrowse the reply, so be destroyed. That’s right, destroyed. shopper sockets arunremarkablysolely used for one exchange (or atiny low set of sequent exchanges). What happens within thenet server may be a bit additionalcomplicated. First, the net server creates a “server socket”: #create Associate in Nursing INET, STREAMing socket serversocket = socket.socket( socket.AF_INET, socket.SOCK_STREAM) #bind the socket to a public host, # and a widely known port serversocket.bind((socket.gethostname(), 80)) #become a server socket serversocket.listen(5) A couple things to notice: we tend to used socket.gethostname() in order that the socket would be visible to the surface world. If we tend to had used s.bind((\'localhost\', 80)) or s.bind((\'127.0.0.1\', 80)) we\'d still have a “server” socket, however one that was solely visible insidea similar machine. s.bind((\'\', 80)) specifies that the socket isaccessible by any address the machine happens to own. A second issue to note: low range ports arsometimes reserved for “well known” services (HTTP, SNMP etc). If you’re kidding, use a pleasant high range (4 digits). Finally, the argument to pay attention tells the socket library that we wish it to queue as several as five connect requests (the traditional max) before refusing outside connections. If the remainder of the code is written properly,that ought to be masses. Now that we\'ve got a “server” socket, listening on port eighty, we will enter the mainloop of the net server: while 1: #accept connections from outside (clientsocket, address) = serversocket.accept() #now do one thing with the clientsocket #in this case, we\'ll fakethis can be a rib server ct = client_thread(clientsocket) ct.run() There’s trulythree general ways thatduring which this loop might work - dispatching a thread to handle clientsocket, producea replacementmethod to handle clientsocket, or structure this app to use non-blocking socke.

Of the variedtypes of IPC, sockets arout and awaythe foremostcommon..pdf

anuradhasilks

Ghl systems net matrix terminal line encryption 2009 2010

Alex Tan

By Andy Wingo. Refreshing your Twitter feed is such a drag over 3G, taking forever to connect and fetch those precious kilobytes. The reasons for this go deep into the architecture of the internet: making an HTTPS connection simply has terrible latency. So let’s fix the internet! MinimaLT is an exciting new network protocol that connects faster than TCP, is more secure than TLS (crypto by DJ Bernstein), and allows mobile devices to keep connections open as they change IP addresses. This talk presents the MinimaLT protocol and a Node library that allows JS hackers to experimentally build a new Internet.

DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)

Igalia

TCP and Mobile Networks Turbulent Relationship

Natasha Rooney

L2 Attacks.pdf

vinaykumar947680

Developers and researchers are confronted with a huge number of tools and technologies in their daily work, each of which has its own pros and cons. This realization is important for network devices intended to stop attacks — they should be “omnivores” with regard to network protocols. The speaker’s passion is to study and recreate various hacker attacks, exploits and tactics at the network level in order to develop reliable detection techniques for intrusion detection systems. While working on lots of attacks he noticed some tiny network conditions when a packet sequence slip away from IDS system but get to the target. Will your IDS system detect data network connection was broken? Using nc and a Linux machine, the speaker will demonstrate 4 CVEs he found for bypassing IDS systems, based on the example of the popular Suricata IDS.

How to bypass an IDS with netcat and linux

Kirill Shipulin

IDS-ETHZ - NSG-IDS-REPORTING_of_year_2015

Christian Hallqvist

Time Sensitive Networking in the Linux Kernel

henrikau

Computer network (16)

NYversity

VoiceBootcamp Ccnp collaboration lab guide v1.0 sample

Faisal Khan

R bernardino hand_in_assignment_week_1

Raul Bernardino, BSc MSc

Nat traversal in WebRTC context

AudioCodes

Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final

masoodnt10

WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...

Dean Bubley

Challenges and experiences with IPTV from a network point of view

brouer

Software Defined Data Centers - June 2012

Brent Salisbury

Routers Firewalls And Proxies - OH MY!

Jon Spriggs

TLS Interception considered harmful (Chaos Communication Camp 2015)

hannob

Similar to BNAT Hijacking: Repairing Broken Communication Channels (20)

Layer one 2011-gh0stwood-d-dos-attacks

WebRTC: A front-end perspective

Of the variedtypes of IPC, sockets arout and awaythe foremostcommon..pdf

Ghl systems net matrix terminal line encryption 2009 2010

DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)

TCP and Mobile Networks Turbulent Relationship

L2 Attacks.pdf

How to bypass an IDS with netcat and linux

IDS-ETHZ - NSG-IDS-REPORTING_of_year_2015

Time Sensitive Networking in the Linux Kernel

Computer network (16)

VoiceBootcamp Ccnp collaboration lab guide v1.0 sample

R bernardino hand_in_assignment_week_1

Nat traversal in WebRTC context

Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final

WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...

Challenges and experiences with IPTV from a network point of view

Software Defined Data Centers - June 2012

Routers Firewalls And Proxies - OH MY!

TLS Interception considered harmful (Chaos Communication Camp 2015)

Recently uploaded

MINDCTI Revenue Release Quarter One 2024

MIND CTI

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Real Time Object Detection Using Open CV

Khem

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024

A Domino Admins Adventures (Engage 2024)

Top 10 Most Downloaded Games on Play Store in 2024

Manulife - Insurer Innovation Award 2024

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Automating Google Workspace (GWS) & more with Apps Script

HTML Injection Attacks: Impact and Mitigation Strategies

Axa Assurance Maroc - Insurer Innovation Award 2024

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

AWS Community Day CPH - Three problems of Terraform

Boost PC performance: How more available memory can improve productivity

Real Time Object Detection Using Open CV

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Exploring the Future Potential of AI-Enabled Smartphone Processors

Strategies for Landing an Oracle DBA Job as a Fresher

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

BNAT Hijacking: Repairing Broken Communication Channels

1. BNAT Hijacking Repairing Broken Communication Channels Jonathan Claudius Rio Hotel and Casino August 5th, 2011 DefconSkytalk 2011 Security Begins with Trust

2. Quick Story “Easier Said Than Done…”

3. AGENDA Introduction What & How of BNAT BNAT Handshake/Hijack Demo of BNAT-Suite Finding BNAT (Active Identification) Attacking BNAT (Hijack BNAT Session) Conclusions

4. BNAT: The What? DST: 1.1.2.1 SRC: 1.1.2.2 Client “Cloud”

5. BNAT: The How? “On a Stick” Firewall 1.1.2.1 DNAT SNAT 1.1.2.2 Server Client

6. BNAT: The How? “A Loop” Firewall DNAT 1.1.2.1 Server Client Router 1.1.2.2 SNAT

7. The Bottom Line Outside view is the same… BNAT Loop ~= BNAT on a Stick …but both are still broken

8. BNAT Handshake Idea What if I could complete the TCP Handshake?

9. BNAT Handshake Idea What would it take? Stop “RST” Packet Accept “SYN/ACK” Send “ACK”

10. Tools Ruby Packetfu Gem Created by TodBeardsley (@todb) Used by MetasploitFramework IPTables Program to configure Linux Kernel Firewall

11. #1: Stop the “RST” IPTables can do this quite easily… iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP No more RST 

12. #2: Accept “SYN/ACK” Capture “SYN/ACK” Code cap = PacketFu::Capture.new(:iface => ARGV[0], :start => true, :filter => "tcp and src 1.1.2.2 and dst1.1.2.3") loop {cap.stream.each{ |pkt| packet = PacketFu::Packet.parse(pkt) if packet.tcp_flags.syn == 1 and packet.tcp_flags.ack == 1 puts "got the syn/ack“ end } }

13. #3: Send“ACK” Build and Send “ACK” Code ackpkt = TCPPacket.new ackpkt.ip_saddr=synackpkt.ip_daddr ackpkt.ip_daddr="1.1.2.2“ ackpkt.eth_saddr="00:0c:29:af:cc:63“ ackpkt.eth_daddr="00:11:93:d0:e9:e0“ ackpkt.tcp_sport=synackpkt.tcp_dport ackpkt.tcp_dport=synackpkt.tcp_sport ackpkt.tcp_flags.syn=0 ackpkt.tcp_flags.ack=1 ackpkt.tcp_ack=synackpkt.tcp_seq+1 ackpkt.tcp_seq=synackpkt.tcp_ack ackpkt.tcp_win=183 ackpkt.recalc injack = PacketFu::Inject.new(:iface => ARGV[0]) injack.a2w(:array => [ackpkt.to_s]) puts "sent the ack"

14. End Result OUTSIDE INSIDE Firewall DNAT 1.1.2.1 SYN SYN SYN/ACK SYN/ACK Server Client ACK ACK 1.1.2.2 SNAT Router

15. BNAT Hijacking Idea What if I could weaponize this to do more?

16. BNAT-Suite I built some tools to help… BNAT-PCAP (Offline PCAP Analysis Tool) BNAT-SCAN (Active Scanning Tool) BNAT-ROUTER (Hijacking Router)

17. DEMO #1: Find BNAT bnat-scan.rb Perspective: External Penetration Test Discover the hidden service

18. DEMO #2: Attack BNAT bnat-router.rb Perspective: External Penetration Test Use the newly discovered service

19. End Result OUTSIDE INSIDE Firewall DNAT 1.1.2.1 B-Router SYN SYN SYN/ACK SYN/ACK Server ACK ACK 1.1.2.2 SNAT Router Client

20. Conclusions Understand the Gaps… Port/Vulnerability Scanners Dynamic Routing Vendor Limitations/Recommendations Incomplete NAT/SPI Implementations Security vs. Networking  Order & Flow Matter!!!

21. What's Next? Add support for… IPv6 BNAT UDP BNAT IP + Port TCP BNAT IP + Seq TCP BNAT IP + Port + Seq TCP BNAT

22. Questions?

23. Some Info/Ref… Where to get this code? https://github.com/claudijd/BNAT-Suite How to find me? Name: Jonathan Claudius City: Chicago, IL Email: jclaudius@trustwave.com Twitter: @claudijd References http://code.google.com/p/packetfu/ http://www.netfilter.org/ http://blog.thc.org/index.php?/archives/2-Port-Scanning-the-Internet.html http://en.wikipedia.org/wiki/Iptables http://en.wikipedia.org/wiki/Network_address_translation http://en.wikipedia.org/wiki/Transmission_Control_Protocol https://cocktails365.files.wordpress.com/2010/04/barnapkin.jpg

BNAT Hijacking: Repairing Broken Communication Channels

Recommended

Recommended

More Related Content

Similar to BNAT Hijacking: Repairing Broken Communication Channels

Similar to BNAT Hijacking: Repairing Broken Communication Channels (20)

Recently uploaded

Recently uploaded (20)

BNAT Hijacking: Repairing Broken Communication Channels