Skorpinok Rover Posted April 2, 2012 Share Posted April 2, 2012 Hello, In Backtrack 5, if i want to do pentest on external ip address , should i do port forward on my router? iam using a shared internet connection over LAN. let me know if you got any suggestions. Regards. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 2, 2012 Share Posted April 2, 2012 Networking/Firewalls/NAT 101 Simply put, Yes. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 3, 2012 Share Posted April 3, 2012 Oh yes, definitely required, if you don't do that, any incoming packets for that specific port will be dropped by the firewall and the connection will never reach the attacker's machine. Another thing you could look into as well, besides port forwarding is DMZ. Quote Link to comment Share on other sites More sharing options...
Skorpinok Rover Posted April 3, 2012 Author Share Posted April 3, 2012 thank you, but DMZ...? whats it ? Oh yes, definitely required, if you don't do that, any incoming packets for that specific port will be dropped by the firewall and the connection will never reach the attacker's machine. Another thing you could look into as well, besides port forwarding is DMZ. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 3, 2012 Share Posted April 3, 2012 DMZ is a dangerous way to make an internal NAT machine exposed to the internet. I'd suggest forwarding the ports needed. Hit up your local google/wiki for DMZ to learn more. Quote Link to comment Share on other sites More sharing options...
redhook Posted April 19, 2012 Share Posted April 19, 2012 I've never had to forward any ports to port scan an external IP, you shouldn't need to either. Remember, these are outgoing packets, not incoming. You should only need to forward if your gateway/firewall is configured to only allow outgoing packets on certain ports. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 19, 2012 Share Posted April 19, 2012 All along I thought he was trying to scan an NAT system behind a firewall. For that you would use port forwarding. But if you are just trying to poke at the perimeter, don't expect port forwards. Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted April 19, 2012 Share Posted April 19, 2012 In Backtrack 5, if i want to do pentest on external ip address , should i do port forward on my router? It all depends on the pentesting activities. Port scanning, as already said, shouldn't require ports to be forwarded on the local NAT. Reverse connecting shell code will require you to forward the ports it wants to connect to. The easy way to think of it is that if the connection is initiated from your machine then the NAT will handle the connection. If it is initiated from the target machine then you will need to forward any required ports or NAT won't know where to pass the connection onto. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.