Show threadKevin Karhan Jan 11

@BestGirlGrace the only reason I use #SSH tunnels is because they work reliably.

  • I really need to see if I can use #dropbear with #pwnat to get some public-reachable SSH server persistently through #NAT|s.
Show threadKevin Karhan May 24, 2025

@astraluma @alina @xerz Bonus points if you can make it "#serverless" using #pwnat techniques...

https://github.com/samyk/pwnat

GitHub - samyk/pwnat: The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.

The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique...

GitHub
Show threadKevin Karhan Dec 29, 2023

@nixCraft I mean, my firewall is constantly getting hammered with shit from impersonaltors with spoofed IPs...

They just hammer with #pwnat - esque exploits and try to #telnet into shit.

And it's really interesting to see...
http://samy.pl/pwnat/

Samy Kamkar - pwnat: NAT to NAT client-server communication

Kevin Karhan Dec 11, 2023

Some cybercriminals with [presumably] spoofed IPv4's are trying to #pwnat my @pfSense - box whilst also hammering #telnet.

#ISP #TechSupport is either criminally incompetent or refuses to acknowledge the issue...

And this is why you should alyways block known #Military / #Intelligence networks, because even if they don't target you, cybercriminals will #BGP-hack or #spoof their #IP|s.

https://github.com/greyhat-academy/lists.d/blob/main/milintel.ipv4.block.list.tsv

lists.d/milintel.ipv4.block.list.tsv at main · greyhat-academy/lists.d

List of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.

GitHub
Show threadKevin Karhan Jun 28, 2023

@mikemacleod @SecurityWriter

#NAT is not a security mechanism.

See #pwnat by #SamyKamkar
https://github.com/samyk/pwnat
https://samy.pl/pwnat/

GitHub - samyk/pwnat: The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.

The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique...

GitHub
Kevin Karhan Jun 7, 2023

@forthy I know, but they certainly are somewhat trackable...

It would likely require some system from "inside" to traceroute out to known blocked sites and/or trying the reverse...

Kinda like #pwnat by #SamyKamkar works...

https://samy.pl/pwnat/

Samy Kamkar - pwnat: NAT to NAT client-server communication