Network Security

Introduction NAT (Network Address Translation) is a core technology that mediates between private IP addresses and public IP addresses in network communications. It emerged in the mid-1990s to address the IPv4 address depletion problem and was first standardized through the IETF’s RFC 1631 document. Today, NAT has become an essential technology forming the foundation of global internet infrastructure, from home routers to large-scale corporate networks and cloud infrastructure. Basic Concepts of NAT NAT operates on network devices such as routers or firewalls, translating IP addresses between internal networks (private IP) and external networks (public IP). During this process, it modifies the IP addresses and TCP/UDP port numbers in packet headers and records the translation information in a NAT table to enable bidirectional communication. Private IP address ranges defined in RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are widely used in internal network configurations in NAT environments. When a packet passes through a NAT device, the checksum is also recalculated, which is essential to ensure the integrity of IP and TCP/UDP headers. ...

Introduction ARP spoofing is an attack technique that has been studied in the network security field for a long time. This attack aims to intercept or modify network traffic by exploiting the structural limitations of the ARP protocol. In this article, we will systematically cover the basic concepts of the ARP protocol, the operational principles of ARP spoofing, actual attack implementation, and methods to defend against it. What is the ARP Protocol? ARP (Address Resolution Protocol) is a protocol responsible for address translation between the network layer (IP) and the data link layer (MAC). Simply put, to communicate on an IP network, you need to know not only the target’s IP address but also its MAC address. This is where ARP comes in. ...

Introduction A reverse shell is a remote shell technique that operates in the opposite direction of normal connections. The target system attempts to connect to the attacker’s system, enabling remote command execution. It’s particularly useful in firewall and NAT environments, as most firewalls block incoming connections but allow outgoing ones. How It Works The basic flow of a reverse shell works as follows: The attacker sets up a listener on their system to receive connections on a specific port Code executed on the target system attempts to connect to the attacker’s system The input and output of the target system are forwarded to the attacker The attacker can execute commands on the target system and view the results While typical remote access involves ’the attacker connecting to the target system’, a reverse shell uses the approach of ‘making the target system connect to the attacker’. This reverse connection is the key to bypassing firewalls. ...