I think the answers that I received in response to my query are somewhat obvious -- yes -- but neither answered my question!

Morning Wood's analysis was brilliant as ever, like always ;-P

"atacker now can do a he wishes to the rest of your network ( GAME OVER )"

Ummm...okay. The problem with you was this statement: "NAT client browses web..." HOW IS THIS NOT USER INTERACTION?!?!?

I asked if there is a computer on the internal network that doesn't do anything -- that means SENDING NO PACKETS to the router -- if an attacker can get EVEN ONE PACKET inside, then they will prove everyone wrong, right? If one packet can get through, it can be considered a rogue packet that should not have entered the internal network destined for a particular host -- or better yet -- an internal broadcast address going to all hosts.

Some say getting these rogue packets into the network is "impossible". That is the reason for my question. I like to think that most problems are "intractable", but not "impossible". Can anyone prove me wrong? Can someone push a rogue packet behind a router with no client interaction???

This is my chautauqua...

--
Kristian Hermansen <khermansen@xxxxxxxxxxxxxxxxx>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
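The question above turns on what a stateful NAT gateway does with a packet for an internal host that has never sent anything. The following toy model is an added example written for this page; it is not code from the post, from the list, or from any router vendor. It assumes a port-restricted NAT with an idle timeout, RFC 1918 LAN addresses and RFC 5737 documentation addresses on the WAN side (all constructed), and it shows the defender's view: an outbound packet ("NAT client browses web") is what creates the translation state that lets a reply back in; with no state, an unsolicited inbound packet, including one addressed to the LAN broadcast address, has nowhere to go, and the only path that remains is an explicit rule the administrator has configured on the gateway.

```python
"""Toy model of a stateful NAT gateway with connection tracking.

Illustrative only (constructed for this example, not real router code).
Shows why a LAN host that sends no packets has no translation state,
so unsolicited inbound traffic is dropped unless an explicit port
forward exists for it.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed addresses: RFC 5737 documentation range (WAN) and RFC 1918 (LAN).
PUBLIC_IP = "203.0.113.10"
LAN_BROADCAST = "192.168.1.255"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatGateway:
    """Port-restricted NAT (assumed behaviour): a mapping admits replies
    only from the exact remote endpoint the LAN host talked to."""
    idle_timeout: float = 60.0
    next_port: int = 40000
    # (proto, public_port) -> (lan_ip, lan_port, remote_ip, remote_port, last_seen)
    table: Dict[Tuple[str, int], Tuple[str, int, str, int, float]] = field(default_factory=dict)
    # Administrator-configured static forwards: (proto, public_port) -> (lan_ip, lan_port)
    forwards: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def _find_mapping(self, pkt: Packet) -> Optional[int]:
        # Reuse an existing public port for the same 5-tuple, if one exists.
        for (proto, pub_port), (ip, port, rip, rport, _) in self.table.items():
            if (proto, ip, port, rip, rport) == (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport):
                return pub_port
        return None

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """LAN -> WAN: this is the 'client interaction' that creates state."""
        pub_port = self._find_mapping(pkt)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
        self.table[(pkt.proto, pub_port)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport, now)
        self.log.append(f"OUT {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} via {PUBLIC_IP}:{pub_port}")
        return Packet(pkt.proto, PUBLIC_IP, pub_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """WAN -> LAN: deliver only if tracked state or a static forward matches."""
        if pkt.dst != PUBLIC_IP:
            # A WAN-side packet already addressed to a LAN unicast or broadcast
            # address is not routable through the gateway; drop it (anti-spoof).
            self.log.append(f"DROP {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}: not addressed to gateway")
            return None
        key = (pkt.proto, pkt.dport)
        if key in self.forwards:
            ip, port = self.forwards[key]
            self.log.append(f"FWD {pkt.src}:{pkt.sport} -> {ip}:{port}: static forward")
            return Packet(pkt.proto, pkt.src, pkt.sport, ip, port)
        entry = self.table.get(key)
        if entry is None:
            self.log.append(f"DROP {pkt.src}:{pkt.sport} -> :{pkt.dport}: no connection state")
            return None
        ip, port, rip, rport, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self.table[key]
            self.log.append(f"DROP {pkt.src}:{pkt.sport} -> :{pkt.dport}: mapping expired")
            return None
        if (pkt.src, pkt.sport) != (rip, rport):
            self.log.append(f"DROP {pkt.src}:{pkt.sport} -> :{pkt.dport}: remote endpoint mismatch")
            return None
        self.table[key] = (ip, port, rip, rport, now)  # refresh idle timer
        self.log.append(f"IN {pkt.src}:{pkt.sport} -> {ip}:{port}: matched state")
        return Packet(pkt.proto, pkt.src, pkt.sport, ip, port)


def run_scenario() -> Dict[str, Optional[Packet]]:
    """Walk through the cases from the discussion; values are constructed."""
    gw = NatGateway()
    res: Dict[str, Optional[Packet]] = {}
    # 1. Silent LAN host, nothing ever sent: unsolicited packet to the gateway.
    res["unsolicited"] = gw.inbound(Packet("udp", "198.51.100.7", 53, PUBLIC_IP, 5000), now=0.0)
    # 2. Outside packet aimed straight at the internal broadcast address.
    res["broadcast"] = gw.inbound(Packet("udp", "198.51.100.7", 53, LAN_BROADCAST, 137), now=0.0)
    # 3. A LAN host browses the web; the reply now has state to match.
    gw.outbound(Packet("tcp", "192.168.1.10", 51515, "198.51.100.7", 80), now=1.0)
    res["reply"] = gw.inbound(Packet("tcp", "198.51.100.7", 80, PUBLIC_IP, 40000), now=2.0)
    # 4. Same public port, different remote host: port-restricted NAT drops it.
    res["wrong_remote"] = gw.inbound(Packet("tcp", "198.51.100.8", 80, PUBLIC_IP, 40000), now=2.0)
    # 5. After the idle timeout the mapping is gone, so the same reply is dropped.
    res["expired"] = gw.inbound(Packet("tcp", "198.51.100.7", 80, PUBLIC_IP, 40000), now=200.0)
    # 6. The remaining path to a silent host: an explicit forward on the gateway.
    gw.forwards[("tcp", 8080)] = ("192.168.1.20", 80)
    res["forwarded"] = gw.inbound(Packet("tcp", "198.51.100.7", 4444, PUBLIC_IP, 8080), now=200.0)
    return res


if __name__ == "__main__":
    for name, pkt in run_scenario().items():
        print(f"{name:12s} -> {'delivered to ' + pkt.dst + ':' + str(pkt.dport) if pkt else 'dropped'}")
```

The `log` list on the gateway is the detection angle: every dropped inbound packet carries a reason (no state, expired, endpoint mismatch, not addressed to the gateway), which is exactly what a firewall log should record so that a burst of "no connection state" drops against a public port stands out. The design choice to model a port-restricted NAT is an assumption; a full-cone NAT would accept case 4, and the reviewer of any real gateway should check which behaviour it implements and which static forwards are configured, since case 6 is the one that reaches a host that never speaks.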