Announcement

Collapse
No announcement yet.

Gaining access to a LAN from an outside IP

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gaining access to a LAN from an outside IP

    I understand that one can use a vpn or port forwarding to gain access to a machine or server on a lan from outside the network. But say you wanted to have a remote computer connect to a lan and receive all the benefits of doing so, ie. showing up on the DHCP list in the router, showing up on a windows network list ( shared devices and folders), be granted a local ip via DHCP, have access to the local router admin web page (192.168.1.1). I realize that one can set up an ssh or specify an ip that is able to administer the router, I merely mentioned gaining access to the 192 address as a clear point to what I am interested in doing. I would like my outside computer to be treated as if it was sitting at the remoted location.

    I'm not sure that this is possible, reasonable, or even necessary but I found my self asking, well, myself, if one could do this. After a bit of searching I have come up with only this: you can set things up so that you can connect to a computer or server remotely, but no mention of joining a LAN from an outside ip address.

    I administer a couple (separate) networks in my town that I am free to do with as I please and experiment. So I can follow up any ideas or pointers in the right direction with actual practice and see the results.

    Thanks...

  • #2
    Re: Gaining access to a LAN from an outside IP

    VPN is the best way to do this. When you connect to the network via VPN, if configured a certain way, you will receive an IP address on the local LAN, and you will have access to all resources of the network as though you were sitting at your desk.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

    Comment


    • #3
      Re: Gaining access to a LAN from an outside IP

      Originally posted by streaker69 View Post
      VPN is the best way to do this. When you connect to the network via VPN, if configured a certain way, you will receive an IP address on the local LAN, and you will have access to all resources of the network as though you were sitting at your desk.

      Hmmm, yeah I was starting to suspect so...

      So from an admin perspective, if your router admin utility is secure and a vpn is not setup then there is no conceivable way for someone to join your lan from afar. Well thanks for the input.

      Comment


      • #4
        Re: Gaining access to a LAN from an outside IP

        Originally posted by locksmith View Post
        Hmmm, yeah I was starting to suspect so...

        So from an admin perspective, if your router admin utility is secure and a vpn is not setup then there is no conceivable way for someone to join your lan from afar. Well thanks for the input.
        No, I didn't say that. A compromised machine behind the router can allow someone access to the LAN without a VPN in place. But a VPN is the correct way to do it.
        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

        Comment


        • #5
          Re: Gaining access to a LAN from an outside IP

          Originally posted by streaker69 View Post
          No, I didn't say that. A compromised machine behind the router can allow someone access to the LAN without a VPN in place. But a VPN is the correct way to do it.
          I should have said that there is no conceivable way without a vpn, to join the lan other then through a machine on the local. I realize that this is only a small difference. Thanks again for batting this around with me.

          Comment


          • #6
            Re: Gaining access to a LAN from an outside IP

            Originally posted by streaker69 View Post
            No, I didn't say that. A compromised machine behind the router can allow someone access to the LAN without a VPN in place. But a VPN is the correct way to do it.
            If the machine is behind a router and compromised by say a botnet or trojan, in order to access other systems on the LAN wouldnt either
            a) that trojanized victim have to be connected to a webserver in order for the server to issue any malicous intent
            or
            b) the router be setup for portforwarding
            Last edited by JMC31337; August 18, 2010, 22:43. Reason: clarification
            Your Life Is Your Crime, It's Punishment Time

            Comment


            • #7
              Re: Gaining access to a LAN from an outside IP

              I often use a reverse SSH tunnel to access my machines that are behind routers I don't control. Not as full featured as a VPN, but in most cases it gets me what I need.

              Kallahar
              --- The fuck? Have you ever BEEN to Defcon?

              Comment


              • #8
                Re: Gaining access to a LAN from an outside IP

                I think Caesar is working on a project that may fit your needs. You might see if you can get in touch with him...
                No, I will not fix your computer.

                Comment


                • #9
                  Re: Gaining access to a LAN from an outside IP

                  If you want to export DHCP, etc. then you probably want to export the Ethernet connection, not the IP connection.

                  Recently (the last year or so) OpenSSH has added the ability to do this. It's a sort of "poor man's LAN" that exports the Ehternet connection over the SSH tunnel. Using it you can see Ethernet broadcasts, DHCP, etc. over the tunnel.

                  Check it out. It's under the "TUN / TAP" section of the documentation.
                  "Men entrusted with power, even those aware of its dangers, tend, particularly when pressured, to slight liberty." - , The Church Committee, April 26 (legislative day, April 14), 1976

                  Comment


                  • #10
                    Re: Gaining access to a LAN from an outside IP

                    Originally posted by liberator View Post
                    If you want to export DHCP, etc. then you probably want to export the Ethernet connection, not the IP connection.

                    Recently (the last year or so) OpenSSH has added the ability to do this. It's a sort of "poor man's LAN" that exports the Ehternet connection over the SSH tunnel. Using it you can see Ethernet broadcasts, DHCP, etc. over the tunnel.

                    Check it out. It's under the "TUN / TAP" section of the documentation.

                    Thanks man that sounds exactly like what I was talking about. I do now realize that it doesn't make a whole lot of sense. Why not just reverse bind shell into a comp on the lan and whala, there is your private ip address. Of course at the time I didn't know how to do this... Thanks guys for feeding my thought train.

                    Comment

                    Working...
                    X