On Wed, 28 Mar 2012 13:36:49 -0700, Leo Bicknell said: > I think some engineers need to ask some interesting questions, like > how, in a box doing NAT to an outside IP, does it ever emit a packet > not from that outside IP? The fact that you can spoof packets > through some of the NAT implementations out there is mind-blowing > to me.
The mind-blowing part for me: Look at the MIT spoofing website, at what percent of the net's address space is spoofable. Then consider what percent of the net is behind a NAT (either consumer grade, or enterprise NAT). http://spoofer.csail.mit.edu/summary.php They're reporting that 20% or so (eyeballing) is unable to spoof due to a NAT. From that, and a guess of what % is *really* behind a NAT, we can make an estimate of how common this failure mode is.
pgpYsyFffcuPX.pgp
Description: PGP signature
