Hello,

I have a pfSense network that uses multiple layers of NAT translation. Public IPs are mapped to specific NAT addresses using a 1-to-1 mapping on the edge device. The packets are then forwarded to another pfSense device using another layer of NAT translation.

Ex: public IP -> NAT network 1 -> NAT network 2 -> target machine.

The issue lies when using the example IP of 1.1.1.1, on an example open port 80.

    # tcptraceroute 1.1.1.1 80
    [removed for brevity]
     3  1.1.1.1         29.247 ms  17.670 ms  14.007 ms
     4  1.1.1.1         20.142 ms  16.119 ms  16.609 ms
     5  1.1.1.1 [open]  21.387 ms  17.176 ms  70.283 ms

As you can see, the results show three instances of 1.1.1.1. This allows an attacker to enumerate the depth of NAT translation. This is a low risk issue.

To resolve this issue I need to "mangle" forwarded IP packets by incrementing their TTL by 1. This would effectively hide the above included results. If anyone knows how to do this either through the web interface or through custom configurations then please let me know.

Email me directly for a real world example for your analysis.

Thanks in Advance,

--
Blake Cornell
CTO, Integris Security LLC
501 Franklin Ave, Suite 200
Garden City, NY 11530 USA
http://www.integrissecurity.com/
O: +1(516)750-0478
M: +1(516)900-2193
PGP: 54DE 7526 4D9C 8641 A3AB 2B30 3C76 DF58 5B3D 6377
Free Tools: https://www.integrissecurity.com/SecurityTools
Follow us on Twitter: @integrissec

_______________________________________________
List mailing list
https://lists.pfsense.org/mailman/listinfo/list
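Added example, not from the post or from pfSense: a small model of why stacked NAT devices show up as repeated 1.1.1.1 hops, and what changes once a device re-increments TTL on forward (so no probe ever expires on it). The path, hop names and the 198.51.100.x upstream addresses are constructed; both pfSense boxes are assumed to answer expired probes as the public address, as in the post's trace.

```python
PUBLIC_IP = "1.1.1.1"          # the example public address from the post

class Hop:
    """One forwarding device. reply_ip is the source address of the ICMP
    Time Exceeded it sends when a probe's TTL expires on it."""
    def __init__(self, name, reply_ip, preserves_ttl=False):
        self.name = name
        self.reply_ip = reply_ip
        # True once the device re-increments TTL on forward: no probe expires here
        self.preserves_ttl = preserves_ttl

def probe(path, ttl):
    """Send one probe with the given TTL; return (answering_ip, reached_target)."""
    for hop in path:
        if hop.preserves_ttl:
            continue                  # TTL restored after the routing decrement
        ttl -= 1
        if ttl == 0:
            return hop.reply_ip, False
    return PUBLIC_IP, True            # survived every router; target answers

def traceroute(path, max_ttl=30):
    """Raise TTL one step at a time until the target answers, as tcptraceroute does."""
    trace = []
    for ttl in range(1, max_ttl + 1):
        ip, reached = probe(path, ttl)
        trace.append((ttl, ip, reached))
        if reached:
            break
    return trace

def leaked_nat_hops(trace, public_ip=PUBLIC_IP):
    """Intermediate hops that answered as the public IP: the NAT-depth leak."""
    return sum(1 for _, ip, reached in trace if ip == public_ip and not reached)

def build_path(mangle_ttl=False):
    # Constructed path: two upstream routers (RFC 5737 addresses), then the edge
    # pfSense (1:1 NAT) and the inner pfSense (second NAT layer).
    return [
        Hop("upstream-1", "198.51.100.1"),
        Hop("upstream-2", "198.51.100.2"),
        Hop("edge-pfsense", PUBLIC_IP, preserves_ttl=mangle_ttl),
        Hop("inner-pfsense", PUBLIC_IP, preserves_ttl=mangle_ttl),
    ]

if __name__ == "__main__":
    for mangle in (False, True):
        print(f"TTL mangling {'on' if mangle else 'off'}:")
        for ttl, ip, reached in traceroute(build_path(mangle)):
            print(f"{ttl:2d}  {ip}{' [open]' if reached else ''}")
```

The same model shows the cost of the fix: a hop that never lets TTL reach zero also never stops a packet caught in a forwarding loop between those layers, so the remaining routers on the path are the only loop protection left.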
