private address range spoofing

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › private address range spoofing

fran1942

82 posts

Master Geek

Trusted

#140569 13-Feb-2014 08:46

I understand a standard procedure to secure an internet facing router is to block incoming traffic from RFC1918 private address ranges.

My question is: if a hacker is using a source address with a private address, how is this a threat ? I am thinking that the packets cannot be returned to him anyway, due to private addresses not being routable on the net, so he is not getting any return traffic.
So apart from using private source addresses for a one directional DoS attack, how else could this actually cause harm ?

Thanks for any help.

kenkeniff

628 posts

Ultimate Geek
+1 received by user: 88

#986597 13-Feb-2014 09:28

I've never encountered this but would assume;

Like you mention if I could spoof an internal IP [i.e. 10.1.1.2] to your router then any replies are going to be routed to back to that address on your network which could result in a DDOS vulnerability against what could be your PC, firewall, domain controller etc.

Possibly could also be a way to pass malicious commands to your network devices (NTP update, DHCP release, remote shutdown etc) ? (Duno, just a guess)

raytaylor

4076 posts

Uber Geek
+1 received by user: 1296

Trusted

#986826 13-Feb-2014 16:24

+1 to that.

They send you a packet such as a ping from a private ip address. Your computer then sends the reponse to that address - which would probably be on the local network.
Okay so it gets dropped and goes nowhere.

They then use a botnet to send you millions of such pings and can cause you all sorts of problems.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here