Re: Just want to keep the crap out!!

"Volker Birk" <bumens@xxxxxxxxxxx> wrote in message

Just send packets with spoofed sender's addresses.

You're going to have to either physically tap into a
line somewhere, compromise an ISP router/switch, or possibly hack a
cable modem.

No. Nothing like this is needed.

An example for dynamic NAT:

To insert packets into the internal network behind NAT, you're just
packages to the ports on the external interface of a NAT router, which
to belong to connections NATed by the router. Usually, this is a fixed
of ports you have to try out.

An example for static NAT:

To insert a packet, which seems to come from inside, just spoof an IP
address like for sender's IP address. Then you can insert
packages, which seem to come from inside.

Both are are very dangerous for UDP based protocols, of course. They are
dangerous, too, for weak TCP implementations like the one from older

On what device have you found this to be true?

Most modern implementations are smart enough to prevent this type of
spoofing from occurring because they maintain a state of knowing that the
IP's specified on the protected side will never be allowed from the
unprotected side.

Best regards, from Don Kelloway of Commodon Communications
Visit to learn about the "Threats to Your Security
on the Internet".