Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




81 posts

Master Geek

Trusted

Topic # 140569 13-Feb-2014 08:46 Send private message

I understand a standard procedure to secure an internet facing router is to block incoming traffic from RFC1918 private address ranges.

My question is: if a hacker is using a source address with a private address, how is this a threat ? I am thinking that the packets cannot be returned to him anyway, due to private addresses not being routable on the net, so he is not getting any return traffic.
So apart from using private source addresses for a one directional DoS attack, how else could this actually cause harm ?

Thanks for any help.

Create new topic
564 posts

Ultimate Geek
+1 received by user: 89


  Reply # 986597 13-Feb-2014 09:28 3 people support this post Send private message

I've never encountered this but would assume;

Like you mention if I could spoof an internal IP [i.e. 10.1.1.2] to your router then any replies are going to be routed to back to that address on your network which could result in a DDOS vulnerability against what could be your PC, firewall, domain controller etc.

Possibly could also be a way to pass malicious commands to your network devices (NTP update, DHCP release, remote shutdown etc) ? (Duno, just a guess)





2996 posts

Uber Geek
+1 received by user: 458

Trusted

  Reply # 986826 13-Feb-2014 16:24 One person supports this post Send private message

+1 to that.

They send you a packet such as a ping from a private ip address. Your computer then sends the reponse to that address - which would probably be on the local network.
Okay so it gets dropped and goes nowhere.

They then use a botnet to send you millions of such pings and can cause you all sorts of problems.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




Create new topic








Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:






Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.