[RESOLVED] NAT Pinning rule question

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: [RESOLVED] NAT Pinning rule question

Re: NAT Pinning rule question

by barbaz » Sat Sep 22, 2018 1:04 pm

Cool. Thanks Giorgio! Image

Re: NAT Pinning rule question

by Giorgio Maone » Sat Sep 22, 2018 6:13 am

barbaz wrote:I haven't added one, but if I did I would probably try this -

Code: Select all

Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/*
Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]
That's perfectly fine: it's specific enough, and uses https, so it couldn't be used for rebinding unless the attacker owns a valid hyperbola.info certificate, which would be a bigger trouble opening for much easier attacks.

Re: NAT Pinning rule question

by barbaz » Sat Sep 22, 2018 12:24 am

I haven't added one, but if I did I would probably try this -

Code: Select all

Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/*
Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]

Re: NAT Pinning rule question

by Giorgio Maone » Fri Sep 21, 2018 10:54 pm

What does your exception look like?

[RESOLVED] NAT Pinning rule question

by barbaz » Fri Sep 21, 2018 2:51 pm

I would like to try out Icedove-UXP, but the ABE NAT Pinning Rule is blocking the download links - https://wiki.hyperbola.info/doku.php?id ... cedove-uxp

If I add exception for this, will I be vulnerable to NAT pinning?

Top