NAT routers - is IP spoofing a risk?
From: if (if_at_nospam.uk.invalid)
Date: 11/20/05
- Previous message: karl levinson, mvp: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 20 Nov 2005 14:38:23 GMT
The firewall on my ADSL router sometimes reports stuff like the following:
Firewall:IP Spoofing detected,from 192.168.2.28 to 10.0.0.3
(my computer was on 10.0.0.3 at that point).
But is such an attack even a risk on an ADSL router? That is, if the
firewall had not been running, would an ADSL router actually allow WAN-side
traffic through to the LAN just because it claimed to be from an IP address
used by the LAN? It seems illogical that such a device could be fooled,
since WAN traffic is self-evidently WAN traffic regardless of the IP
address it presents to the router, since it arrives on a different physical
connection.
I have also heard people say that you should choose a non-obvious address
range for machines on your LAN to guard against spoofing (or attempts to
connect to specific LAN machines by guessing their IP address), but is
there really a risk here or is NAT routing immune to such subterfuges?
- Previous message: karl levinson, mvp: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
