Information Security
android webserver router routing pivoting
Updated Sun, 18 Sep 2022 05:22:39 GMT

Can an attacker gain access to my private network application through pivoting and/or lateral movement?


I am using a public wifi network.

When I start a nodejs express server on my local system on port 3000, I can access that website on another device (that is connected to the same public wifi network) by going to http://(private ip address of nodejs host assigned by public wifi dhcp):3000/index.html, for example.

So to prevent this, I had my phone connect to the public wifi network and fired up the built-in Android hotspot. Then I connected my nodejs host machine to the hotspot to start the express server on port 3000.

I could no longer access that website from a different device on the public wifi network because the express server was now inside the private network within that public wifi network.

I can ping from a device inside the android hotspot private network to a device in the public wifi network. But the device from the public wifi network could not ping devices inside the android hotspot private network.

Is there a way for an attacker on that public wifi network to gain access to my android hotspot private network without knowing the SSID passphrase?

Could they use some kind of network pivoting technique so that they can access my private html website on port 3000? Using something like ip route add?




Solution

By connecting your phone to the public WiFi AP, then connecting your local system to the phone, you are creating two layers of NAT. So, your question boils down to whether an attacker connected to the same router as your phone (i.e. the public WiFi AP) can traverse the NAT running on your phone, then access your local system.

In general, NAT (by itself) is not considered to be a reliable firewall. See "How important is NAT as a security layer?" for some interesting reading on this subject. Unless you are sure that your phone provides a firewall function (in addition to NAT) when running as a local hotspot, I would not recommend relying on this solution.

A better solution would be to run a firewall on your local system, to block any incoming connections to port 3000 other than those from localhost. If you do this, then you can safely connect your local system to the public WiFi AP, instead of trying to rely on your phone as a firewall.
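
An application-side complement to the host firewall recommended above, as an added example (not code from the question or the answer): bind the listener to loopback, reject non-loopback peers, and report which interface addresses a given bind would expose. It uses Node's built-in http module instead of Express so it runs without dependencies; the function names and the file name server.js are hypothetical.

```javascript
// Added example: keep a dev server on port 3000 reachable from this machine only.
const http = require('http');
const net = require('net');
const os = require('os');

// True for loopback peers: 127.0.0.0/8, ::1, and IPv4-mapped ::ffff:127.x.x.x
// (the forms Node reports in socket.remoteAddress).
function isLoopback(addr) {
  if (typeof addr !== 'string') return false;
  const a = addr.toLowerCase().startsWith('::ffff:') ? addr.slice(7) : addr;
  if (net.isIPv4(a)) return a.split('.')[0] === '127';
  return a === '::1';
}

// Non-loopback addresses on which a listener bound to `host` accepts connections.
// `ifaces` has the shape returned by os.networkInterfaces().
function exposedAddresses(host, ifaces = os.networkInterfaces()) {
  const addrs = Object.values(ifaces).flat().map((i) => i.address)
    .filter((a) => !isLoopback(a));
  // listen(3000) with no host binds the wildcard address: every interface.
  if (host === undefined || host === '::') return addrs;
  if (host === '0.0.0.0') return addrs.filter((a) => net.isIPv4(a));
  return addrs.filter((a) => a === host);
}

function createLocalOnlyServer() {
  return http.createServer((req, res) => {
    // Defence in depth: refuse non-loopback peers even if the bind address changes later.
    if (!isLoopback(req.socket.remoteAddress)) {
      res.writeHead(403).end();
      return;
    }
    res.writeHead(200, { 'Content-Type': 'text/plain' }).end('ok\n');
  });
}

// Run with `node server.js serve`. Express takes the same host argument:
// app.listen(3000, '127.0.0.1').
if (process.argv[2] === 'serve') {
  const host = '127.0.0.1';
  createLocalOnlyServer().listen(3000, host, () => {
    console.log('wildcard bind would expose:', exposedAddresses(undefined));
    console.log(`bound to ${host}, exposed on:`, exposedAddresses(host));
  });
}
```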






