Can NAT be circumvented? Are Firewalls Failing?

Can someone write code to circumvent a NATed network? No, not if your firewall is adequately secured and properly configured. An interesting article from Bit-Tecn.net states that a hacker has created a piece of code that allows NAT to be circumvented. (Information from the author)

Remember, there is some inherent security in placing your computers on a NATed network. NAT helps protect your network, but using NAT is only one way of protecting it. Regardless of the code or application on the inside of your network, you can control incoming and outgoing packets and the flow of information with your firewall. Any connection not authorized by your firewall (Enterprise) simply won’t connect. Properly configured IDS and IPS systems can prevent this also. Code running in applications you haven’t approved will fail also.

So is this a valid concern? Yes (I know I said no in the aforesaid paragraph). Home users and smaller organizations could have malicious code such as this loaded on their computers, and NAT could be violated. These users won’t have the enterprise equipment to stop this type of connection. However, security suites, anti-malware, and anti-virus software will be updated to keep up with this code. (Although this code is not a virus, there could be malicious uses.)

On the wall in my classroom I have a virus, Network.vbs to be exact. The virus traveled across networks and panic spread through the IT community (worm class virus). Because this virus traveled and infected other computers, many IT managers didn’t know how to handle it and waited for vendors to produce removal tools.

From studying Network.vbs:

This virus or worm would generate a random IP address and then try to connect to a host at that address. If the virus could not connect, it would generate a new IP address and again attempt a connection. (This process would continue until it was able to connect.) This allowed the virus to connect to computers on your network or even to computers on the internet undetected.
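That retry loop is also what makes this kind of worm visible to a defender: one inside host piles up failed connections to many different addresses in a short time. Here is a small detector for that pattern, added as an example (it is not code from Network.vbs or from the article); the log layout, window, threshold, addresses and port are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 10                  # assumed: distinct failed destinations per window

def parse(line):
    """Parse 'ISO-timestamp src dst dport result' (assumed firewall log layout)."""
    ts, src, dst, dport, result = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), result

def find_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: time of first alert} for hosts whose failed connections
    reach `threshold` distinct destinations inside one sliding window.
    Lines must be in time order."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) of recent failures
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, _dport, result = parse(line)
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if src not in alerts and len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts

def constructed_sample():
    """Constructed log: 10.0.0.23 sweeps 12 addresses, 10.0.0.8 is a normal
    client retrying a single server."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(12):
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 10.0.0.23 198.51.100.{i + 1} 139 FAIL")
    for i in range(15):
        t = base + timedelta(seconds=3 * i)
        result = "FAIL" if i % 5 == 0 else "OK"
        lines.append(f"{t.isoformat()} 10.0.0.8 192.0.2.10 443 {result}")
    return sorted(lines)  # ISO timestamps sort chronologically

if __name__ == "__main__":
    for src, ts in find_scanners(constructed_sample()).items():
        print(f"{ts.isoformat()} possible address sweep from {src}")
```

Counting distinct destinations rather than raw failures keeps a client that retries one dead server from raising the alert.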

When a computer became infected, it could remap shared drives to J:. It would then copy itself to the startup areas of Windows. By the way, this little VBS script’s size: 2.5 kilobytes! Although this may not be the same protocol and is slightly different, the above virus made connections across the internet years ago. And the little 2.5 KB virus would go through NAT with speed! Until we removed it.

Don’t panic. Connections such as this have been around for some time. UDP tunneling is not new. Even with this code having been successfully run on Linux and Mac, it can still be controlled.

Ask an old security analyst.

Final comment.   Good code.