Eugene Smiley on Thu, 30 Jan 2003 11:41:03 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] firewall risk


This would only work if they had access to your internal network as the
computer on the other end would respond to the public IP 1.2.3.4. The
attacker would not see the remote computers response.

Also, most if not all gateways/routers won't/shouldn't accept packets from a
private IP address (192.168.1.0) coming from the external interface. It's a
big tip-off that the packet is bogus.

I believe there are other reasons this scenario wouldn't work, but I'm still
groggy this morning.


plug-admin@lists.phillylinux.org wrote:
> how about this for an idea.  I'm not sure if
> this makes sense, or if it would work at all:
>
> suppose you have masquerading and forwarding enabled,
> that is if you allow forwarding of 192.168.1.x
> and masqueraded them to come from your public ip,
> lets say 1.2.3.4.
>
> somebody from outside could configure their box
> as a 192.168.1.x, configure your 1.2.3.4 as its
> gateway.  if your'e NOT using ip tables to
> filter out 192.168.1.x from the 1.2.3.4 address,
> AND you dont have rp_filter enabled, he could
> "pretend" to be you when he surfs the net...
> he could probably pretend to be coming from your
> internal net also...
>
> I'm not sure if that would work or not...
> well maybe not but I dont know why either..
>
> jondz/epike

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug