>However, what I am really afraid of is if it would even be remotely
>conceivable to have a hacked linux machine with physical cable connection
>to the private network to infiltrate the private NT machines with
>192.168.x.x addresses.

It is conceivable. Given enough time and a little knowledge of the devices you are using you "could" be hacked. We all could.

>My original question was somewhat of an academic curiosity. Since IP
>packets with private IP addresses are not supposed to be routable, my
>question was if computers with just private IP address can ever be reached
>by hackers. One possible way, although I don't know how, might be if
>someone hacks into public IP machine and somehow reach into private IP
>machines.

Well, if everyone is following the rules then we can say the private IPs are not "publicly" routable. Although a router mis-configuration could cause this to not hold true. Thankfully most folks don't have this problem.

You stated you are using filtering but, are you using a separate firewall as well? My experience has found that a multi-layer approach is better. I prefer to utilize firewalls, access-lists, and VLANs to limit and sectionalize traffic into and out of my private networks. I also ensure that I turn off all services that are not necessary for business. And of course, patch, patch, patch.

You can't 100% lock down your network. Your goal should be to make it painfully time consuming and difficult for someone to hack in. I think you will find that most of the riff-raff out there likes to follow the path of least resistance and will pass by a hardened target.

Two sites you should check out: www.securityfocus.com and www.antionline.com. I also recommend checking out the hacker sites, which will help give you perspective on their thinking and reasoning. Human engineering works both ways!

~S~

Disclaimer: My own two cents.
