Quote:
Originally Posted by asphaltgambler
Yes- coax RG6 in to wireless router- then connect devices in the home wirelessly. No hard cabling from router connected to anything. I guess what I'm asking is what IP does the 'outside' world 'see'? If someone can see what that is, can't they use that to obtain the device addresses to hack?
|
No, because the outside IP address on your router is the address your ISP hands out to you (or assigns you), and it's 99.99999% likely that all your devices behind the AP are assigned an RFC1918 address and NAT'd when they go out to the internet.
So a service outside responds to your routers' IP address and the port that your internal machine opened a connection on. Any incoming connection to your router on a random port gets dropped on the floor; there's nothing in the NAT table for it. Only "well-known" services on the router itself or connections you've chosen to have port-forwarded to internal hosts will work inbound.
This isn't even firewalling as such; just how a NAT router works. Inbound connection that doesn't line up with an existing outbound connection? It has nowhere to go...
There are times when this isn't true (like when you pay for a static IP block). But it's rare for any ISP to give that out without you specifically asking/paying extra, so you'd probably know. Also, most won't do it on residential service at all these days - need business class.
RFC1918 addresses, like the hosts on the internal network use, are not routed over the public internet. Anyone outside your network trying to reach the address that corresponds to one of your internal hosts will get their packets dropped on the floor.
Which isn't to say that you machines can't be exploited or compromised via connections that you initiate, either from dodgy website or links/attachments etc in emails ...