Don Kelloway <usenet@commodon.com> wrote:
> > An example for dynamic NAT:
> > To insert packets into the internal network behind NAT, you're just sending
> > packages to the ports on the external interface of a NAT router, which seem
> > to belong to connections NATed by the router. Usually, this is a fixed range
> > of ports you have to try out.
> > An example for static NAT:
> > To insert a packet, which seems to come from inside, just spoof an IP
> > address like 192.168.0.1 for sender's IP address. Then you can insert
> > packages, which seem to come from inside.
> > Both are very dangerous for UDP based protocols, of course. They are
> > dangerous, too, for weak TCP implementations like the one from older Windows
> > versions.
> On what device have you found this to be true?
On every one I saw up to today.
> Most modern implementations are smart enough to prevent this type of
> spoofing from occurring because they maintain a state of knowing that the
> IP's specified on the protected side will never be allowed from the
> unprotected side.
Nice to hear. What I'm missing is an implementation I can see. With some
little filtering there is no problem anyways.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
Received on Mon May 1 01:03:10 2006
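
The two inbound checks discussed in this thread, sketched as an added example that is not part of the original posts and is not any particular router's code. The class name, the 192.168.0.0/24 inside range, and the addresses and ports are assumptions made up for illustration.

```python
import ipaddress

class NatIngressFilter:
    """Toy model of the inbound checks on a NAT router's external interface."""

    def __init__(self, inside_net):
        self.inside_net = ipaddress.ip_network(inside_net)
        self.mappings = {}  # (proto, external port) -> (remote endpoint, inside endpoint)

    def add_mapping(self, proto, ext_port, remote, inside):
        """Record an outbound flow: inside host -> remote, translated to ext_port."""
        remote = (ipaddress.ip_address(remote[0]), remote[1])
        self.mappings[(proto, ext_port)] = (remote, inside)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return (verdict, detail) for a packet arriving from the outside."""
        src = ipaddress.ip_address(src_ip)
        # Static-NAT case from the thread: a protected-side source address
        # can never legitimately arrive on the unprotected interface.
        if src in self.inside_net:
            return ("drop", "inside source address on outside interface")
        # Dynamic-NAT case: the destination port must belong to a live mapping...
        entry = self.mappings.get((proto, dst_port))
        if entry is None:
            return ("drop", "no mapping for this port")
        remote, inside = entry
        # ...and the sender must be the remote endpoint that mapping was opened to.
        if (src, src_port) != remote:
            return ("drop", "sender is not the mapped remote endpoint")
        return ("forward", inside)


def demo():
    # Constructed sample data: documentation addresses and made-up ports.
    nat = NatIngressFilter("192.168.0.0/24")
    nat.add_mapping("udp", 40001, ("203.0.113.10", 53), ("192.168.0.5", 5353))
    packets = [
        ("udp", "203.0.113.10", 53, 40001),   # genuine reply
        ("udp", "198.51.100.7", 53, 40001),   # right port, wrong sender
        ("udp", "192.168.0.1", 53, 40001),    # claims an inside source
        ("udp", "203.0.113.10", 53, 40002),   # port with no mapping
    ]
    return [nat.inbound(*p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second packet is the interesting one: a filter that only checks whether the port is mapped would forward it, which is why the sender comparison matters for UDP.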