Answer the question
In order to leave comments, you need to log in
How to bypass NAT?
There is a white IP address issued by the provider and a local network behind NAT.
On the router, port 1234 is forwarded to port 1234 of computer 192.168.1.10
How can I connect to port 4321 of computer 192.168.1.10, provided that nothing is forwarded to this port on the router? (No firewall)
Here the guy says that it is possible, casually mentioning manual routing.
youtu.be/B-dlhkWBNuA?t=15m50s
What is it about?
Answer the question
In order to leave comments, you need to log in
I'm talking about the fact that there is a manual form of routing. In other words, if you have some kind of server that is behind your nat and you think that there is no way to get through to it from the outside because you have not configured port forwarding. You're wrong, I'll get to him. Since you have an external NAT...One story is more surprising than the other, especially about manual routing and label routing (what is it?).
... label routing allows the packet to be forwarded to your server.
You're wrong, I'll get to him.First, such statements (of the "I'll get through" level) are usually reformulated into more neutral ones after an insistent request to demonstrate what is stated in practice. Secondly, the speaker forgot to clarify the meaning of the word "I will break through." What does it mean? Will the packet from the Internet reach the server? Which, which port is the encapsulated segment intended for? What will be the effect? The fact that the speaker understands that NAT and the firewall are different things is very good, it's a pity that the argument is not flawless.
How to connect to computer port 4321 192.168.1.10This is possible in the following case. The client 192.168.1.10 establishes a connection to the web server 2.2.2.2 using port 4321 on its side (it happens to be a coincidence). On the navigating device with the globally routable address 1.1.1.1, a translation of the form ( 192.168.1.10 ,tcp, 4321 )->(1.1.1.1, tcp, 31337) is created. The web server sees the client with address 1.1.1.1, source port 31337, sends data to it (segments inside packets), which, after nating, are actually sent to the client 192.168.1.10 , tcp port 4321 . Further, if there is an attacker 3.3.3.3 who really needs to send a tcp segment (inside an Ip packet) to client 192.168.1.10 on port 4321, then it specifies a static route (see I'm talking about the fact that there is a manual form of routing ) to 192.168.1.10/32 (the length of the prefix is not important, in my opinion) through 1.1. tcp-port to send a segment so that it is correctly configured. If 3.3.3.3 and 2.2.2.2 interact (exchange information), it will send to port 31337 . If not, then it is more logical to send evenly to all ports and hope for good luck.
Outside, nothing. This is a clear attack on the network =)
The link did not open, I can not comment. Perhaps he is talking about UPnP when the computer adds NAT rules to the router itself, but again, this is only inside the network.
Well, if there is a Trojan on the computer behind NAT, then it's as easy as shelling pears, it's enough to go to the STUN server from it and continue to communicate via p2p.
Or use UDP Hole Punching.
In general, in theory, you can create such a TCP packet that will be unpacked on the router and sent to the desired address on the desired port within the network. Another question is where to find such a router that will not check / filter the tcp session for existence. Such routers ceased to be produced in 2007.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question