Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

How Vulnerable WkStns Behind PAT Router

I have some users on a subnet outside our internal network - our wireless users. They are behind a 3640 running PAT/NAT (one to many NAT) - such that each user receives a 10.x.y.z address from the 3640's DHCP abilities and their source address is always one shared routable IP address. My question is - how vulnerable to hacking are all of these workstations with the 10.x.y.z to random hacking from someone out on the Internet? I am having a debate and would appreciate some input!

Community Member

Re: How Vulnerable WkStns Behind PAT Router

They are not vulnerable. The 'state' table in a pix would be able to detect if a packet was 'spoofed' malformed, etc, and not allow it inbound access.

The connection a user makes to the outside is stored and referenced when the packet returns. It would be almost impossible to hack this socket.


Community Member

Re: How Vulnerable WkStns Behind PAT Router

Thanks. What about a non-statefu non-pixl device - something like a 3640 router with PAT? Or a typical home user with one of the Linksys cable/DSL routers with PAT? How safe are these devices from being attacked?

CreatePlease to create content