Is IP masquerade and Network Address Port Translation (NAPT) the same?

Is IP masquerade and Network Address Port Translation (NAPT) the same? I’m not sure whether it is the same thing or not, but I realized the mechanism is almost the same: both IP masquerade and NAPT change the TCP/UDP port, and a many-to-one relation is allowed, where multiple private addresses share one global IP address. If they are different, in which part do IP masquerade and NAPT differ?
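As an added illustration (not part of the original question), here is a minimal model of the mechanism described above: many private address/port pairs share one global IP address because the translator rewrites the source port. The class name, addresses and port ranges are constructed for the example. It also shows the table running out of ports, since the TCP/UDP port field is only 16 bits wide.

```python
class Napt:
    """Toy NAPT table: many private (ip, port) pairs behind one global IP."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        # The TCP/UDP port field is 16 bits, so no pool can exceed 0..65535.
        if not 0 <= first_port <= last_port <= 0xFFFF:
            raise ValueError("port range must fit in 16 bits")
        self.global_ip = global_ip
        self.first_port, self.last_port = first_port, last_port
        self.next_port = {}   # proto -> next unused external port
        self.out = {}         # (proto, private_ip, private_port) -> external port
        self.back = {}        # (proto, external port) -> (private_ip, private_port)

    def outbound(self, proto, private_ip, private_port):
        """Translate an outgoing flow; returns the (ip, port) the Internet sees."""
        key = (proto, private_ip, private_port)
        if key not in self.out:
            port = self.next_port.get(proto, self.first_port)
            if port > self.last_port:
                raise RuntimeError("no free external port for " + proto)
            self.next_port[proto] = port + 1
            self.out[key] = port
            self.back[(proto, port)] = (private_ip, private_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, external_port):
        """Reverse lookup for a reply; None means no mapping, so it is dropped."""
        return self.back.get((proto, external_port))


def demo():
    # Constructed addresses: RFC 5737 documentation IP outside, RFC 1918 inside.
    nat = Napt("203.0.113.5", first_port=40000, last_port=40001)
    a = nat.outbound("tcp", "192.168.0.10", 50000)
    b = nat.outbound("tcp", "192.168.0.11", 50000)  # same private port, other host
    reply = nat.inbound("tcp", b[1])
    unsolicited = nat.inbound("tcp", 40500)
    try:
        nat.outbound("tcp", "192.168.0.12", 50000)  # third flow, pool of two
        exhausted = False
    except RuntimeError:
        exhausted = True
    return a, b, reply, unsolicited, exhausted


if __name__ == "__main__":
    print(demo())
```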

Is starting an AWS instance with only ssh to port 22 insecure?

Unless someone has my private ssh key, how is leaving an aws instance open to 0.0.0.0 but only on port 22 via ssh insecure?

The ssh key would be distributed to a small set of people. I prefer to not need to indicate their source IP addresses in advance.

I do see another similar question, "SSH brute force entry in aws ec2 instance".

If you disabled password based login via SSH, then it is very hard to brute force an SSH login using a private key (

Maybe this covers it? Just want to double check since in the security world you do not get a second chance.

Are port and miniport drivers protected by PatchGuard in Windows?

I’m planning to write a driver that unhooks the rootkit hooks in the miniport layer (hooks of device objects or the major function array),

but I want my driver to be generic and work on most Windows versions, on both 32-bit and 64-bit Windows.

The problem is PatchGuard: will PatchGuard block attempts to modify the memory image of the miniport drivers?

You might be asking how the rootkit patched it in the first place, then. It’s a bootkit, so it bypassed the PatchGuard protections but didn’t disable it.

And if it is protected by PatchGuard, then how can I unhook the hooks in the driver module?!

How to hide tcp port listener powershell script?

GOALS: run a powershell script without showing the window (it’s ok if it pops up for few seconds).

PROBLEM: the script tcplisten.ps1 works just if the window is displayed to the user. All the attempts below don’t work. Because when I run netstat -ano -p tcp, port 9999 is not listening.

tcplisten.ps1

$Listener = [System.Net.Sockets.TcpListener]9999; $Listener.Start()

ATTEMPTS:

powershell.exe

powershell.exe -windowstyle hidden .\tcplisten.ps1 

hidden -command

powershell -windowstyle hidden -command $Listener = [System.Net.Sockets.TcpListener]9999; $Listener.Start()

-NoProfile -NonInteractive -ExecutionPolicy Bypass

powershell -NoP -NonI -W Hidden -Exec Bypass -Command 

Start-Process

Start-Process powershell.exe -ArgumentList "-WindowsStyle hidden -file .\tcplisten.ps1" 

vbs script

Create a .vbs with this script and run it

command = "powershell.exe -nologo -command C:\Users\Utente\Desktop\tcplisten.ps1"
set shell = CreateObject("WScript.Shell")
shell.Run command,0

QUESTION: is there a solution? Am I making some mistake?

Why NAT is a disadvantage when TCP source port field is 16 bits?

Here is an excerpt from Andrew S. Tanenbaum, Computer Networks, 5th edition, Chapter 5 (The Network layer), Page 455:

My question is on the second paragraph. From what I understand, this part basically talks about the disadvantages of using NAT (Network Address Translation). I don’t understand what the second paragraph is trying to say about the disadvantage of using NAT, because it seems to me that the second paragraph is talking about a benefit of using NAT: by using NAT, we can solve the problem of the depletion of IP addresses.

Can anyone explain to me what the second paragraph is trying to convey?

Spike in activity with port 3379 (SOCORFS)

My personal IPs on AWS are being scanned for 3379. Apparently, this is SOCORFS, registered to one Hugo Charbonneau. This port is getting scanned a lot more often in recent months: https://isc.sans.edu/port.html?port=3379

Does anyone know what this is? It’s possible someone found a vulnerability in this protocol and we’re not yet publicly aware of it.

UPDATE: I reached out to Hugo, will update if I have information from him.

UPDATE 2: Hugo used to work at Socomar International (over 20 years ago), which was a company who built technology for ship tracking. SOCORFS may be “Soco RFS”. Socomar was dissolved in 2006 though. All content I could find online was that it’s unlikely that this company’s products are widely used today. So, there’s a good chance port 3379 is actually being used for something else, nothing related to SOCORFS.

Is this Monk’s Robe port balanced in 5e?

In Pathfinder, there is an item called the Monk’s Robe. I like the idea, and have tried to bring it to 5e, but I don’t know if it is balanced. Thoughts?

Monk’s Robe Wondrous item, rare (requires attunement) 1 lb.

When worn, this simple brown robe confers great ability in unarmed combat. If the wearer has levels in monk, their Unarmored Movement speed bonus and Martial Arts die are treated as a monk of 5 levels higher. If the wearer is not a monk, they gain the Unarmored Movement speed bonus and Martial Arts die of a level 5 monk.

If the wearer is a monk of 16th level or higher, their Unarmored Movement speed bonus is 35 feet and their Martial Arts die is a d12.

Help understanding pivoting and port forwarding

I am trying to learn about pivoting/port forwarding and how to take full advantage of it. If I am connected to a network with the ip 192.168.0.10 and can see that 192.168.0.11 has access to a website hosted on 10.10.10.10 I am able to gain access to the webpage using meterpreter by doing:

meterpreter> run autoroute -s 10.10.10.0/24
meterpreter> run portfwd add -l 8080 -p 80 -r 192.168.0.11

and then localhost:8080 in a web browser. From here I can use meterpreter’s TCP scanners to see there are other machines on the 10 network.

My question is, how can I then attempt to gain access to another machine, say brute force 10.10.10.11’s ssh port?

Also, in an effort to gain a better understanding of what Metasploit is doing, how could I also achieve this setup with proxychains? And would this allow me to use the Kali tools on my host (192.168.0.10) directly on the target 10 network?

Thanks

Does this kind of USB “port knocking” exist?

For security reasons in public spaces administrators choose to disable the USB interfaces.

Is there a possibility for having something like port knocking on disabled/sleeping USB interfaces?

Port knocking in this case would be a detection of a specific kind of device (basically from lsusb information) and ideally some kind of special file inside of a USB pen drive.

Ideally, it would also require multiple USB pen drives with multiple password files.

Is this possible and was this ever done?

Would it be a secure method to unlock the USB interfaces for administrators and administrators only?