Date: Tue, 4 Feb 2003 13:28:31 -0500 From: Barney Wolff <barney@pit.databus.com> To: Mikhail Teterin <mi+mx@aldan.algebra.com> Cc: net@FreeBSD.ORG Subject: Re: Does natd(8) really need to see _all_ packets? Message-ID: <20030204182831.GA7315@pit.databus.com> In-Reply-To: <200302041142.28554.mi%2Bmx@aldan.algebra.com> References: <200302040027.30781@aldan> <1044321596.358.69.camel@zaphod.softweyr.com> <200302041142.28554.mi%2Bmx@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 04, 2003 at 11:42:28AM -0500, Mikhail Teterin wrote: > > Finally, since the LAN consists of the private network addresses, which > are not allowed through ISPs routers from the outside, the only danger > is another subscriber on the same segment of the ISPs network or a > wireless LAN user nearby (who needs to defeat the WEP first, easy though > it might be). Are you quite sure your ISP actually blocks RFC1918 addresses? I'd be surprised if that's so. Here in New York I've also observed that DSL sometimes "leaks" packets not intended for my site. I run the interface to my DSL modem in promiscuous mode just to catch things like that. Seems to happen at busy times of the day. If I were so inclined, I could build up a table of my neighbors' MACs, for use in spoofing attacks. This might or might not work, since I think my ISP does check source MAC on packets from subscribers, but would be worth a try. All in all, knowing that a packet came from "outside" is important. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030204182831.GA7315>