From: Barney Wolff
To: Mikhail Teterin
Cc: net@FreeBSD.ORG
Date: Tue, 4 Feb 2003 13:28:31 -0500
Subject: Re: Does natd(8) really need to see _all_ packets?
Message-ID: <20030204182831.GA7315@pit.databus.com>
References: <200302040027.30781@aldan> <1044321596.358.69.camel@zaphod.softweyr.com> <200302041142.28554.mi+mx@aldan.algebra.com>
In-Reply-To: <200302041142.28554.mi+mx@aldan.algebra.com>

On Tue, Feb 04, 2003 at 11:42:28AM -0500, Mikhail Teterin wrote:
>
> Finally, since the LAN consists of the private network addresses, which
> are not allowed through ISP's routers from the outside, the only danger
> is another subscriber on the same segment of the ISP's network or a
> wireless LAN user nearby (who needs to defeat the WEP first, easy though
> it might be).

Are you quite sure your ISP actually blocks RFC1918 addresses?
I'd be surprised if that's so. Here in New York I've also observed that
DSL sometimes "leaks" packets not intended for my site. I run the
interface to my DSL modem in promiscuous mode just to catch things like
that. Seems to happen at busy times of the day.

If I were so inclined, I could build up a table of my neighbors' MACs,
for use in spoofing attacks. This might or might not work, since I think
my ISP does check the source MAC on packets from subscribers, but it
would be worth a try.

All in all, knowing that a packet came from "outside" is important.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
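The defensive consequence of Barney's point, as an added illustration that is not code from the thread: a NAT gateway should not trust the ISP to drop RFC1918 sources, but should decide per interface whether a source address is plausible. The interface names and the LAN prefix below are constructed assumptions.

```python
"""Per-interface anti-spoofing check for a small NAT gateway (added example).

Inbound on the outside interface, private or own-LAN sources are leaked or
spoofed and must never be accepted; outbound on the inside interface, only
our own LAN may appear as a source.
"""
import ipaddress
from dataclasses import dataclass

# Constructed topology: one DSL-facing and one LAN-facing interface.
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN prefix
EXTERNAL_IF = "dc0"                            # assumed outside interface name
INTERNAL_IF = "dc1"                            # assumed inside interface name

# RFC 1918 ranges plus loopback: none can legitimately arrive from the ISP side.
NEVER_FROM_OUTSIDE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet was received on
    src: str
    dst: str


def verdict(pkt: Packet) -> str:
    """Return 'allow' or a drop reason, decided by arrival interface and source."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == EXTERNAL_IF:
        if src in LAN:                                   # claims to be one of ours
            return "drop:own-lan-source-from-outside"
        if any(src in net for net in NEVER_FROM_OUTSIDE):  # neighbour leak or spoof
            return "drop:private-source-from-outside"
        return "allow"
    if pkt.iface == INTERNAL_IF:
        if src not in LAN:                               # misconfigured or spoofing host
            return "drop:foreign-source-from-inside"
        return "allow"
    return "drop:unknown-interface"


def filter_packets(pkts):
    """Apply verdict() to a batch; returns (packet, verdict) pairs for logging."""
    return [(p, verdict(p)) for p in pkts]


# Constructed sample traffic using documentation (TEST-NET) addresses.
SAMPLE = [
    Packet(EXTERNAL_IF, "198.51.100.7", "203.0.113.1"),   # normal inbound
    Packet(EXTERNAL_IF, "192.168.1.7", "203.0.113.1"),    # spoofed as our LAN
    Packet(EXTERNAL_IF, "10.3.4.5", "203.0.113.1"),       # RFC1918 leaked by ISP segment
    Packet(INTERNAL_IF, "192.168.1.20", "198.51.100.9"),  # normal outbound
    Packet(INTERNAL_IF, "172.16.9.9", "198.51.100.9"),    # wrong source on the LAN
]
```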