"Volker Birk" <bumens@dingens.org> wrote in message
news:442837c3@news.uni-ulm.de...
>
> Just send packets with spoofed sender's addresses.
>
>> You're going to have to either physically tap into a
>> line somewhere, compromise an ISP router/switch, or possibly hack a
>> cable modem.
>
> No. Nothing like this is needed.
>
> An example for dynamic NAT:
>
> To insert packets into the internal network behind NAT, you're just sending
> packages to the ports on the external interface of a NAT router, which seem
> to belong to connections NATed by the router. Usually, this is a fixed range
> of ports you have to try out.
>
> An example for static NAT:
>
> To insert a packet, which seems to come from inside, just spoof an IP
> address like 192.168.0.1 for sender's IP address. Then you can insert
> packages, which seem to come from inside.
>
> Both are very dangerous for UDP based protocols, of course. They are
> dangerous, too, for weak TCP implementations like the one from older Windows
> versions.
>
On what device have you found this to be true?
Most modern implementations are smart enough to prevent this type of
spoofing from occurring because they maintain a state of knowing that the
IPs specified on the protected side will never be allowed from the
unprotected side.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".
Received on Mon May 1 01:03:09 2006
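
The two inbound checks this thread turns on, modelled as an added example that is not part of the original posts: rejecting inside source addresses seen on the outside interface, and accepting a packet to a NATed port only from the remote endpoint the mapping was created for. The `NatRouter` class, the 192.168.0.0/24 inside range, and all sample addresses and ports are constructed assumptions, not the behaviour of any particular device.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str     # claimed source address
    sport: int
    dport: int   # port on the router's external interface

# Assumption: the protected side is 192.168.0.0/24 (the thread mentions 192.168.0.1).
INSIDE_NETS = [ipaddress.ip_network("192.168.0.0/24")]

class NatRouter:
    def __init__(self):
        # (proto, external port) -> (remote ip, remote port, inside ip, inside port)
        self.mappings = {}

    def add_mapping(self, proto, ext_port, remote, rport, inside, iport):
        self.mappings[(proto, ext_port)] = (ipaddress.ip_address(remote), rport, inside, iport)

    def check_inbound(self, pkt):
        """Verdict for a packet that arrived on the outside (WAN) interface."""
        src = ipaddress.ip_address(pkt.src)
        # Check 1: an inside address can never legitimately arrive from outside.
        if any(src in net for net in INSIDE_NETS):
            return ("drop", "inside source on outside interface")
        # Check 2: the destination port must belong to an active mapping.
        entry = self.mappings.get((pkt.proto, pkt.dport))
        if entry is None:
            return ("drop", "no mapping for port")
        remote, rport, inside, iport = entry
        # Check 3: a guessed port alone is not enough; the sender must be the
        # remote endpoint the inside host actually talked to.
        if (src, pkt.sport) != (remote, rport):
            return ("drop", "remote endpoint mismatch")
        return ("forward", f"{inside}:{iport}")

def demo():
    r = NatRouter()
    r.add_mapping("udp", 40001, "198.51.100.7", 53, "192.168.0.10", 5353)
    samples = [  # constructed packets, documentation address ranges
        Packet("udp", "192.168.0.1", 1234, 40001),   # spoofed inside source
        Packet("udp", "203.0.113.9", 53, 40001),     # right port, wrong sender
        Packet("udp", "198.51.100.7", 53, 40002),    # port with no mapping
        Packet("udp", "198.51.100.7", 53, 40001),    # matches the mapping
    ]
    return [r.check_inbound(p) for p in samples]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Check 3 compares only the claimed source address and port, so for UDP it does not stop a sender who forges the real remote endpoint; it only removes the case where guessing the external port is sufficient.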