nagios server networking glitch..?

Andreas Ericsson ae at op5.se
Fri May 27 22:48:59 CEST 2005


Patrick Friedel wrote:
> Andreas Ericsson wrote:
> 
>> If the nagios box is reachable from the internet somehow (apparently 
>> it is, since you're checking things there and the possibility for 
>> black IP-magic is nigh endless), some malicious person could also be 
>> redirecting your traffic on purpose.
>>
>  Nah, the internet gateway is providing NAT for the nagios box, unless 
> if I'm missing the thrust of your intent here.  I'm trying to think of 
> Cisco tricks that could pull this off on the intranet gateway (psst: 
> tell 199.242.227.113 that the route to 204.75.219.254 is through the 
> linksys router over there! *gigglesnort* ), but that's reaching pretty 
> far.  The only stuff I'm checking "outside" is the far side of our 
> internet uplink and the external interfaces on a few of our machines.
> 

It's possible to inject packets in a "fair" stream that lets the 
targeted host redirect those packets to a host it has been connected by. 
It's a fairly obscure branch of network magic, but a highly useful one 
when trying to get info on hosts behind a NAT'ing firewall, or 
redirecting traffic from them.

Unless you're running some seriously interesting stuff behind that 
firewall I doubt that's what's happening though. It requires some 
serious setup before the attack can start (platforms few hops from the 
targeted network and such), but if all else fails you might want to kick 
up ntop or ethereal on a host in between so you can catch everything 
that's going on.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list