Are you saying that someone cannot spoof their IP address to, let's say, 127.0.0.1 and try to get access to the internal network and later to my computer?
Let's use a better example. 127.0.0.1 was a bad example as that is the loopback. Let's say we use 192.168.1.1 - that is a known IP for a web interface on wifi routers. If you enter that into your traceroute, ping, or browser - and pass it on to the internet - the internet border routers will immediately drop that packet due to the IP being on the IANA special list of not-acceptable IP ranges for the WWW.
Why?
The Border Gateway Protocol (BGP) is the core routing protocol of the Internet. It maintains a table of IP networks or 'prefixes' which designate network reachability among 'private networks'. As soon as it sees 10.10.1.1 or 192. or 172. etc., the packet is immediately dropped.
So if you numbered all your computers 192.168.1.2 - 192.168.1.255, someone cannot access those numbers via the Internet - they can only access those IPs if they are inside the LAN that is using those IPs.
How?
From a wardriver's perspective - all I have to do is connect to your unsecured network via the wifi AP. Once attached to the LAN, I can then ping or sniff those internal IPs - because now my request is being passed inside the LAN, not from the Internet routers. I can also spoof myself as one of those internal IPs, by sniffing the MAC for that IP and copying it. As long as you prevent unauthorized users from attaching to your network, they can't do this. You can also limit file sharing between computers, and block access from other internal computers with a Host-based Firewall.
Lacking an unsecured wifi AP, you can also sneak into the physical building and just plug your laptop into their cabled network. Lacking physical access, you try to get someone on the internal network to install a RAT.
Some routers are classed as "residential" because they do not have all the features of a 'business' router.
Now I have pretty much finished adding firewall rules to prevent the following from entering and leaving:
A: 10.0.0.0 - 10.255.255.255
B: 172.16.0.0 - 172.31.255.255
C: 192.168.0.0 - 192.168.255.255
The Border Routers for the Internet will not accept any IPs in these ranges anyways. So this takes care of setting rules to prevent them from accessing the WWW (don't have to worry about it). Internally you want to pick one of those IP ranges for your network, and not worry about the other ranges. It is not possible for the above IP ranges to enter your network from the Internet.
It was suggested that for small networks you use 192.168.0.0, but you can use 10.0.0.1 if you wanted to - it's the same thing to the Internet Border Routers - a special IP to be dropped.
No harm in asking for clarification, man. If I am considered authority, then "question authority" still applies.
DNR
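The firewall rules mentioned in the post (keeping the three private ranges, plus loopback, from entering or leaving on the Internet-facing side) can be checked against packet records as below. This is an added example, not part of the original post; the interface names `wan0`/`lan0`, the record format and the sample records are constructed assumptions, and packets are assumed to be seen on the WAN interface after NAT.

```python
import ipaddress

# The three private ranges listed in the post, plus the loopback block.
BLOCKED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

WAN_IF = "wan0"  # assumed name of the Internet-facing interface


def in_blocked(addr):
    """True if addr falls inside any of the blocked ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED)


def verdict(direction, iface, src, dst):
    """Return 'DROP' or 'ACCEPT' for one packet crossing iface."""
    if iface != WAN_IF:
        return "ACCEPT"  # LAN-side traffic is not covered by these rules
    if direction == "in" and in_blocked(src):
        return "DROP"    # private/loopback source arriving from the Internet
    if direction == "out" and (in_blocked(src) or in_blocked(dst)):
        return "DROP"    # private address leaking out past NAT
    return "ACCEPT"


# Constructed sample records: direction, interface, source, destination.
SAMPLE = """\
in  wan0 192.168.1.1    203.0.113.5
in  wan0 127.0.0.1      203.0.113.5
in  wan0 172.32.0.1     203.0.113.5
in  wan0 198.51.100.7   203.0.113.5
out wan0 203.0.113.5    10.0.0.1
in  lan0 192.168.1.20   192.168.1.1
"""


def evaluate(text):
    """Apply verdict() to each whitespace-separated record in text."""
    return [verdict(*line.split()) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for line, v in zip(SAMPLE.splitlines(), evaluate(SAMPLE)):
        print(f"{v:6} {line}")
```

Note that 172.32.0.1 is accepted: the B range stops at 172.31.255.255, so a rule written as all of 172.x would block public addresses.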