#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2008
    Posts
    183
    Rep Power
    7

    Hacking with uPnP


    Hey guys, i have some questions related to hacking, and trust me this is not malicious hacking, more educational.

    I have a few questions, my first is is it possible to open a tunnel for hacking a victim using the uPnP protocol? This preventing the need for creating forwards for NAT.

    I run an application called iCam, its a software where i can use my webcam as a security camera and view it on my iPhone etc, When installing this program, there was absolutely NO configuration needed to initiate a remote connection over 3G to my home, no forwarding or anything, just a public IP of course! How is this possible.

    My last question is regarding NAT!

    I see NAT as the main security feature of a router, almost more powerful then a firewall or just as important as a firewall for security reasons alone! So, how in earth do you get around NAT?

    My major fallback is i dont code, and dont want to learn how to!

    Thanks!!
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    Is the iCam connected to your network? If so its probably sending data to their servers, which you can then view on your phone.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2008
    Posts
    183
    Rep Power
    7
    Originally Posted by seack79
    Is the iCam connected to your network? If so its probably sending data to their servers, which you can then view on your phone.
    Yes is does connect to remote servers its based on a username and password and tyen you use the same details on the phone
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    Yeah, so it is not actually contacting your internal network, but rather accessing iCams network.
  8. #5
  9. Automagically Delicious
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    127.0.0.2 - I live next door.
    Posts
    2,200
    Rep Power
    2736
    NAT is NOT a security device. NAT is Network Address Translation. In it's purist form it means that on the outside of your router 12.45.89.145 becomes equal to 192.168.40.100 (or whatever you set it up to be.) It let's you manage a device on the inside like it's part of your network, and lets people on the outside access it like it's part of the world. Meaning you can tie a DNS record as such server.test.com == 12.45.89.145; but when you go to log into it from your laptop you use the 192.168.40.100 address. This will be true for ****ALL**** TCP, UDP, and other ports.

    It's cohort is PAT; Port Address Translation. It's just as it sounds port 80 on the outside may map to port 35789. This just allows you to custom config port on a server to use any port you want and have standard port mappings to the outside.

    Used together NAT and PAT can be used to host a bevy of services from the same public IP address. Let's say you had ten web servers at addresses 192.168.40.100 through .109. From the outside it could look like you have the addresses 12.45.89.145 and server 1 could be at port 80 (standard web port) and server 2 could be on port 81 and so on.

    None of this prevents someone accessing things that they shouldn't be. That is what a firewall is for... ( :
    Adam TT
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2008
    Posts
    183
    Rep Power
    7
    Originally Posted by AdamPI
    NAT is NOT a security device. NAT is Network Address Translation. In it's purist form it means that on the outside of your router 12.45.89.145 becomes equal to 192.168.40.100 (or whatever you set it up to be.) It let's you manage a device on the inside like it's part of your network, and lets people on the outside access it like it's part of the world. Meaning you can tie a DNS record as such server.test.com == 12.45.89.145; but when you go to log into it from your laptop you use the 192.168.40.100 address. This will be true for ****ALL**** TCP, UDP, and other ports.

    It's cohort is PAT; Port Address Translation. It's just as it sounds port 80 on the outside may map to port 35789. This just allows you to custom config port on a server to use any port you want and have standard port mappings to the outside.

    Used together NAT and PAT can be used to host a bevy of services from the same public IP address. Let's say you had ten web servers at addresses 192.168.40.100 through .109. From the outside it could look like you have the addresses 12.45.89.145 and server 1 could be at port 80 (standard web port) and server 2 could be on port 81 and so on.

    None of this prevents someone accessing things that they shouldn't be. That is what a firewall is for... ( :
    I understand what NAT is, and PAT but i believe NAT acts as security as all ports are closed. The way i see it, without have a port open in NAT, there is no way of hacking or being hacked unless you run and exploit on the remote host which creates that NAT forward and a service running for that specific port.

    However, what I was getting at was can you use uPnP to create a path using PAT to a remote service that is listening.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    To an extent, yes, but NAT/PAT alone do not protect you from things such as ddos attacks, etc...

IMN logo majestic logo threadwatch logo seochat tools logo