Comment by tsimionescu

19 days ago

You're using somewhat sloppy terminology that will confuse things. An IP packet can't be addressed both to 12.13.14.15 AND to 192.168.0.7.

The realistic attack here is that your ISP sends a packet with destination address 192.168.0.7 to the MAC of your router (the MAC that corresponds to 12.13.14.15). This is a realistic attack scenario if the device that your router connects directly to gets compromised (either by an attacker or by the ISP itself).

Getting a public route that would take packets destined for 192.168.0.7 to reach your router over the Internet is far more unlikely.

2 comments

tsimionescu

Reply
bandrami  17 days ago

True, the frame is addressed to the router's hw interface but I'm talking to people who think NAT drops traffic so I figured keep it simple

But, yes, the ISP (or whoever has compromised/suborned/social engineered the ISP) is absolutely the main worry here and I don't understand how people are dismissing that so easily

  • kortilla  15 days ago

    > I don't understand how people are dismissing that so easily

    Because that’s not where 99.9999% of attacks come from

    Fire up a web server on a public ipv4 address and you’ll get hundreds of requests per day from bots probing endpoints for vulnerabilities. Same thing goes for weak passwords on an SSH endpoint.