Page 1 of 1
[RESOLVED] NAT Pinning rule question
Posted: Fri Sep 21, 2018 2:51 pm
by barbaz
I would like to try out Icedove-UXP, but the ABE
NAT Pinning Rule is blocking the download links -
https://wiki.hyperbola.info/doku.php?id ... cedove-uxp
If I add exception for this, will I be vulnerable to NAT pinning?
Re: NAT Pinning rule question
Posted: Fri Sep 21, 2018 10:54 pm
by Giorgio Maone
What does your exception look like?
Re: NAT Pinning rule question
Posted: Sat Sep 22, 2018 12:24 am
by barbaz
I haven't added one, but if I did I would probably try this -
Code: Select all
Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/*
Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]
Re: NAT Pinning rule question
Posted: Sat Sep 22, 2018 6:13 am
by Giorgio Maone
barbaz wrote:I haven't added one, but if I did I would probably try this -
Code: Select all
Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/*
Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]
That's perfectly fine: it's specific enough, and uses https, so it couldn't be used for rebinding unless the attacker owns a valid hyperbola.info certificate, which would be a bigger trouble opening for much easier attacks.
Re: NAT Pinning rule question
Posted: Sat Sep 22, 2018 1:04 pm
by barbaz
Cool. Thanks Giorgio!