Comment by bandrami

4 hours ago

If your public IP from your ISP is 12.13.14.15, and your internal block is 192.168.0.0/24, then your ISP can send a packet to 12.13.14.15 destined for 192.168.0.7, and without a firewall your router will happily forward it. An attacker who can convince intervening routers to send traffic destined for 192.168.0.7 to 12.13.14.15 (and these attacks do exist, particularly over UDP) can also do that.

4 comments

bandrami

ErroneousBosh 4 hours ago

Okay, so not only do you have to create a bogus packet, you have to convince every piece of equipment in between you and the end user to collude with it, in the hopes that the final router is so woefully misconfigured as to act upon it?

bandrami 4 hours ago
The ISP is the primary threat vector here (do you trust yours? Along with their contractors and anyone who might have compromised them?). But like I said route-poisoning attacks do exist.
- sedawkgrep 1 hour ago
  
  yeah but the likelihood of this is incredibly remote. It would shock me if ISPs didn't have alarms going off if RFC1918 space was suddenly routable within their BGP table.
  Not to mention the return packet would be NAT'd so the attacker would have to deal with that complication.
- ErroneousBosh 2 hours ago
  
  Yes, I trust everyone who works at it, mostly because I know where they live.