I can’t answer the question but I’m definitely curious about how someone would go about exploiting a vulnerability within a LAN sitting behind a router running NAT/NAPT…where would you start? Routing Tables? Hacking the modem?
I have 1 XP SP2 Machine running, providing PPTP VPN connections and a Webcam Security System (webcamxp).
Forwarded Ports 1723,gre,7 for the VPN and just 81 Webcamxp plus 82 if I needed sound….but my mic is broken.
If I run a Security Scan on my host name (myhostname.dyndns.org) using LAN Guard Network Security Scanner with NAT/NAPT forwarding ports to 10.0.0.*** (XPBOX) the scanner doesn’t find any computers or return any results….
BUT if I stick my XPBOX into a DMZ (aka Default NAPT – on a Speedtouch 530) and run a scan from the outside I can see all my open ports 1723-XPVPN -81 WebcamXP -80 Apache as well as a list of all possible exploits….
So having NAT/NAPT enabled is definitely good but how would one go about gaining access to the LAN….would remote administration have to be turned on for someone to change modem settings???
The only way I can see someone gaining access is by attacking webcamxp; there are vulnerabilities in the sanitisation of chat text and cross-site scripting, e.g. http://myhostname.dyndns.org:81/chevron-script-chevron-alert(‘alert’)-chevron-/script-chevron-
Although these vulnerabilities appear to now be patched…..what other options would one have?? PPTP VPN Hacking…..is possible but I’m using MS-CHAPV2 which is pretty hard to crack….MS-CHAPV1 is supposedly fairly easy but still difficult to pull off….
HOW SECURE AM I?
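
Added example, not part of the original post: a simplified Python model of how a NAT/NAPT router decides what to do with an inbound connection, using the TCP forwards (1723, 81, 82) and the listening services (1723, 81, 80) the post mentions. The `NaptRouter` class, the `10.0.0.x` placeholder address, the scanner addresses and the toy session allocator are assumptions made for illustration; GRE is left out because it has no port numbers.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NaptRouter:
    """Hypothetical, simplified NAPT model (not any vendor's implementation)."""
    forwards: dict                      # (proto, ext_port) -> (lan_host, lan_port)
    dmz_host: Optional[str] = None      # "Default NAPT" target, if enabled
    sessions: dict = field(default_factory=dict)

    def outbound(self, proto, lan_host, lan_port, remote):
        """Record a translation for a LAN-initiated flow; return the external port."""
        ext_port = 40000 + len(self.sessions)        # toy port allocator
        self.sessions[(proto, ext_port, remote)] = (lan_host, lan_port)
        return ext_port

    def inbound(self, proto, ext_port, remote):
        """Return the (lan_host, lan_port) a packet is delivered to, or None if dropped."""
        key = (proto, ext_port, remote)
        if key in self.sessions:                     # reply to an outbound flow
            return self.sessions[key]
        if (proto, ext_port) in self.forwards:       # static port forward
            return self.forwards[(proto, ext_port)]
        if self.dmz_host is not None:                # DMZ: everything else goes here
            return (self.dmz_host, ext_port)
        return None                                  # no mapping: dropped at the router


def exposed_tcp_ports(router, listening, ports, scanner="203.0.113.5"):
    """TCP ports an outside scanner reaches: delivered by the router AND listening."""
    return {p for p in ports if router.inbound("tcp", p, scanner) in listening}


# Constructed sample data based on the figures in the post.
XPBOX = "10.0.0.x"                                   # placeholder for the masked address
LISTENING = {(XPBOX, 1723), (XPBOX, 81), (XPBOX, 80)}
FORWARDS = {("tcp", p): (XPBOX, p) for p in (1723, 81, 82)}

nat_only = NaptRouter(forwards=dict(FORWARDS))
with_dmz = NaptRouter(forwards=dict(FORWARDS), dmz_host=XPBOX)

if __name__ == "__main__":
    print("forwards only:", sorted(exposed_tcp_ports(nat_only, LISTENING, range(1, 2001))))
    print("DMZ enabled:  ", sorted(exposed_tcp_ports(with_dmz, LISTENING, range(1, 2001))))
```

With forwards only, port 80 (Apache) is never delivered to the XP machine and port 82 is delivered but has nothing listening; enabling the DMZ hands every unmapped port to that host, so anything listening on it becomes part of the external surface.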