RE: testing for IP address space leakage in NAT systems

From: Jonah Kowall (jkowallat_private)
Date: Mon Jan 21 2002 - 09:54:27 PST


    I use a firewall filter, but you can throw up a filter to check for
    them.  I also check for outgoing and incoming leakage:
    
    On my Cisco I do this.
    
    Access lists:
    access-list 101 deny   ip mynetwork any log-input
    access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log-input
    access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log-input
    access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log-input
    access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log-input
    access-list 101 permit ip any any
    access-list 102 permit ip mynetwork any
    access-list 102 deny   ip any any log
    
    In WAN interfaces:
     ip access-group 101 in
     ip access-group 102 out
    
    You can accomplish these filters with any firewall using similar rules.
    
    -----Original Message-----
    From: R P G [mailto:inittabat_private] 
    Sent: Monday, January 21, 2002 12:03 PM
    To: pen-testat_private
    Subject: testing for IP address space leakage in NAT systems
    
    
    I was wondering if anyone knows of a method to test a NAT system for
    address space leakage.
    
    Thanks.
    
    --Bob
    
    
    
    ------------------------------------------------------------------------
    ----
    This list is provided by the SecurityFocus Security Intelligence Alert
    (SIA) Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please
    see: https://alerts.securityfocus.com/
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jan 21 2002 - 15:05:23 PST
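
How the two access lists in the reply above classify traffic on the WAN interface, as an added example that is not part of the original posts: a small Python evaluator of the wildcard-mask, first-match logic. It assumes 203.0.113.0/24 in place of "mynetwork", and the sample packets are constructed. An outbound packet that list 102 denies and logs carries a source address that left without being translated.

```python
import ipaddress
# Assumption: 203.0.113.0/24 (a documentation range) stands in for "mynetwork".
MYNET = "203.0.113.0 0.0.0.255"
ACL_TEXT = f"""
access-list 101 deny   ip {MYNET} any log-input
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log-input
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log-input
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log-input
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log-input
access-list 101 permit ip any any
access-list 102 permit ip {MYNET} any
access-list 102 deny   ip any any log
"""

def _spec(tok):
    """Consume 'any' or 'address wildcard' from tok; return (base, wildcard) as ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return tuple(int(ipaddress.IPv4Address(tok.pop(0))) for _ in range(2))

def parse_acls(text):
    """Parse the extended-ACL forms used in the post into {number: [entries]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        num, action, rest = tok[1], tok[2], tok[4:]  # tok[3] is the protocol, "ip"
        src, dst = _spec(rest), _spec(rest)
        acls.setdefault(num, []).append((action, src, dst, bool(rest)))  # leftover = log keyword
    return acls

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acls, num, src, dst):
    """First matching entry wins; returns (action, logged). No match is the implicit deny."""
    for action, s, d, logged in acls[num]:
        if _match(src, s) and _match(dst, d):
            return action, logged
    return "deny", False

ACL = parse_acls(ACL_TEXT)
if __name__ == "__main__":
    for pkt in [("102", "192.168.1.5", "198.51.100.7"), ("101", "10.2.3.4", "203.0.113.10")]:
        print(pkt, evaluate(ACL, *pkt))  # constructed packets: (ACL, source, destination)
```
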