Thread: What are the causes and effects of a NAT Flooding?

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    71

    Default What are the causes and effects of a NAT Flooding?

    While I am slightly familiar with NAT, a question has been pressing me for many days now:

    Could someone crash a router by performing an action similar to MAC flooding on a switch? In other words, could one create x amount of connections to external servers over the permitted amount? If so, what would the effects be? Would the router fail to accept packets until pending connections are dealt with, send back RST packets, allow the connection to time out, or fail altogether, dropping all packets until manually reset?

    While I realize the causes and effects would differ from manufacturer to manufacturer, is this possible, and what would be an estimate for the maximum amount of connections allowed?

    Thank you.

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by ipndrmath View Post
    While I am slightly familiar with NAT, a question has been pressing me for many days now:

    Could someone crash a router by performing an action similar to MAC flooding on a switch? In other words, could one create x amount of connections to external servers over the permitted amount? If so, what would the effects be? Would the router fail to accept packets until pending connections are dealt with, send back RST packets, allow the connection to time out, or fail altogether, dropping all packets until manually reset?

    While I realize the causes and effects would differ from manufacturer to manufacturer, is this possible, and what would be an estimate for the maximum amount of connections allowed?

    Thank you.
    And by that do you mean by creating connections to the router with MAC addresses.......?
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Junior Member
    Join Date
    Jul 2007
    Posts
    71

    Default

    No, I do not mean that you literally flood the router with MAC addresses.

    When you make an external connection on an internal LAN (slightly repetitive), you really make a connection to the router. The router takes the packets, replaces your IP with its own and sends it off. It also makes a note of it in some log, so that when it receives the returning packets, it can forward them.

    I mean: can someone make so many external connections that the router fails to function?
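    A toy model of the translation table described above, added here as an illustration and not code from anyone in the thread. It assumes a fixed-size table with an idle timeout, as many SOHO routers have; the capacity, timeout, addresses and the "top talker" threshold are made-up values.

```python
"""Model of a NAT translation table running out of slots (constructed example)."""
from dataclasses import dataclass, field

@dataclass
class NatTable:
    capacity: int                 # assumed max simultaneous translations
    idle_timeout: float           # assumed seconds before an unused entry expires
    entries: dict = field(default_factory=dict)  # (src_ip, src_port, dst_ip, dst_port) -> last_seen
    dropped: int = 0              # new outbound flows refused because the table was full

    def expire(self, now: float) -> int:
        """Age out idle entries; returns how many were removed."""
        stale = [k for k, seen in self.entries.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def outbound(self, flow: tuple, now: float) -> bool:
        """Translate an outbound packet: known flows refresh, new flows need a free slot."""
        self.expire(now)
        if flow in self.entries:
            self.entries[flow] = now
            return True
        if len(self.entries) >= self.capacity:
            self.dropped += 1     # table full: the new flow is refused, the router keeps running
            return False
        self.entries[flow] = now
        return True

    def top_talkers(self, threshold: int) -> dict:
        """Defender's check: internal hosts holding more translations than `threshold`."""
        counts: dict = {}
        for (src_ip, *_rest) in self.entries:
            counts[src_ip] = counts.get(src_ip, 0) + 1
        return {ip: n for ip, n in counts.items() if n > threshold}

def simulate() -> dict:
    """Constructed scenario: one LAN host opens more flows than the table can hold."""
    nat = NatTable(capacity=100, idle_timeout=60.0)
    busy, quiet = "192.168.1.50", "192.168.1.10"          # constructed private addresses
    nat.outbound((quiet, 40000, "203.0.113.5", 443), now=0.0)   # a legitimate flow first
    for port in range(1024, 1024 + 150):                   # 150 new flows into 99 remaining slots
        nat.outbound((busy, port, "203.0.113.9", 80), now=1.0)
    existing_ok = nat.outbound((quiet, 40000, "203.0.113.5", 443), now=2.0)  # still refreshes
    new_ok = nat.outbound((quiet, 40001, "203.0.113.5", 443), now=2.0)       # refused: full
    offenders = nat.top_talkers(threshold=50)              # the busy host stands out
    freed = nat.expire(now=100.0)                          # idle entries age out, capacity returns
    return {"dropped": nat.dropped, "existing_ok": existing_ok, "new_ok": new_ok,
            "offenders": offenders, "freed": freed}
```

    The model shows the usual failure mode: established flows keep working, new ones are refused until entries time out, and a per-host translation count is a simple way to spot the machine causing it.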

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    This seems like one of those things that is theoretically possible but would likely be very difficult to test/execute. I suspect that for the majority of modern routers they would simply start denying traffic before allowing themselves to be killed.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I agree the router would not allow itself to be "killed". The best you could hope for is a DoS-style attack. I have always been interested, however, in what would happen if the router's memory was overflowed by the log.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Again, I think for the vast majority of modern routers log entries/files would be discarded before there was a problem. Though if log file rotation/deletion is configured by a human, I suppose there's always room for operator error.

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    71

    Default

    Thank you for your help. I think what I will do is write a quick program in Perl that continually tries to access a nonexistent server and run it on my LAN.

    Thanks again for your help.

  8. #8
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    Default

    Quote Originally Posted by thorin View Post
    This seems like one of those things that is theoretically possible but would likely be very difficult to test/execute. I suspect that for the majority of modern routers they would simply start denying traffic before allowing themselves to be killed.
    Not necessarily. I had a machine that got infected with a rootkit and it was being used for a DDoS attack; the spoofed SYN flood traffic almost brought my 2621 to a screaming halt. The truth is, the router still operated, but it was so flooded that it was unable to route legitimate traffic. I would say that you could classify that as "killed"...
    dd if=/dev/urandom of=/mybrain

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Hence my use of the words "suspect" and "majority", and your use of the word "almost".
