I understand a standard procedure to secure an internet facing router is to block incoming traffic from RFC1918 private address ranges.
My question is: if a hacker is using a source address with a private address, how is this a threat ? I am thinking that the packets cannot be returned to him anyway, due to private addresses not being routable on the net, so he is not getting any return traffic.
So apart from using private source addresses for a one directional DoS attack, how else could this actually cause harm ?
Thanks for any help.