Re: Company Firewall's IP Address

From: Bradley D. Moore (brad.moore@circlecity.net)
Date: 11/15/02

    From: "Bradley D. Moore" <brad.moore@circlecity.net>
    To: security-basics@securityfocus.com
    Date: Fri, 15 Nov 2002 13:04:21 -0500
    
    

    If the IP address shown was that of your firewall, then your firewall must be
    running NAT. If this is the case, then your network admin is correct. For
    the firewall to be more stealthy, it would need to be running in bridged (not
    routed) mode, which precludes the use of NAT and requires a) your machine have
    a globally unique IP address (in which case *that* would have been the
    address shown), or b) some other (routing) device run NAT.

    An important point Steve makes is that SOME IP address must always be known to
    any host you connect to, or communications cannot occur. Which address(es)
    are divulged is entirely a question of network design.

    -------------------------------------
    If I were to walk on water, the press would say I'm only doing it
    because I can't swim.
                    -- Bob Stanfield
    -------------------------------------
    Bradley D. Moore, CNE, CCNE, CCNA
    brad.moore@circlecity.net
    317-331-7168
    -------------------------------------
    PGP Public Key: http://www.circlecity.net/brad.moore.asc
    PGP Fingerprint: 347D 05BB 56D4 0675 5D2C F3A6 42AA B1B0 F4BD 610B

    ---------- Original Message -----------
    From: Steve Cooper <steve@nuclear-monkeys.co.uk>
    To: tony tony <tonytorri@yahoo.com>
    Sent: 13 Nov 2002 21:40:17 +0000
    Subject: Re: Company Firewall's IP Address

    > On Tue, 2002-11-12 at 22:09, tony tony wrote:
    > > I was doing security research on the internet at work yesterday....when all of
    > > a sudden I got a pop up advertisement that stated that I was broadcasting my IP
    > > address to the entire internet. It then showed a screen with my IP address
    > > which was the external IP interface of one of our company's firewalls.
    > >
    > > It just bothers me that someone would be able to determine the IP address of
    > > our firewall that easily. It seems to me that our firewall should operate in a
    > > more stealth mode. Our firewall administrator said it is not technically
    > > possible to do this. What is your take?…I am not a checkpoint firewall guru…so
    > > I do not know. All I know is that if I was a hacker, I would love to hammer
    > > away on an ip address that represented a firewall.
    > >
    > > Click on the following to learn more about this pop up site.
    > >
    > > http://www.bonzi.com/internetalert/ia99m.asp
    > >
    > >
    >
    > Your admin's right, your IP has to be known in order for information to
    > be returned from the internet to you and a company's external IPs are
    > easy to find with legal tools and websites like samspade.org or whois
    > queries with domain registrars.
    > It's the ports that are open on your IP address that are the real
    > danger, in order to hack your PC an attacker will need some ports open
    > so they can send information through those ports. If your firewall is
    > securely configured and you don't host any web or mail servers that
    > allow traffic inside then you should be ok.
    ------- End of Original Message -------
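
The three designs discussed in this message (a routed firewall running NAT, a bridged firewall in front of a host with a globally unique address, and a bridged firewall behind a separate NAT router), modelled as an added example that is not part of the original thread. The class and function names are hypothetical and every address is a constructed documentation-range placeholder; the model shows which source address the remote host sees in each design and that unsolicited inbound packets are dropped either way.

```python
from dataclasses import dataclass, field
SERVER = "203.0.113.80"  # constructed remote host (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatDevice:
    """Routed device doing source NAT: outbound source becomes its external IP."""
    external_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # (ext_port, peer_ip, peer_port) -> (inside_ip, inside_port)
    def outbound(self, p):
        ext_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(ext_port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.external_ip, ext_port, p.dst, p.dport)
    def inbound(self, p):
        inside = self.table.get((p.dport, p.src, p.sport))
        # No matching outbound flow means unsolicited traffic: drop it.
        return Packet(p.src, p.sport, *inside) if inside else None

@dataclass
class BridgedFirewall:
    """Bridged (layer 2) stateful filter: no IP of its own in the path, no rewriting."""
    flows: set = field(default_factory=set)
    def outbound(self, p):
        self.flows.add((p.dst, p.dport, p.src, p.sport))  # the reply we expect
        return p
    def inbound(self, p):
        return p if (p.src, p.sport, p.dst, p.dport) in self.flows else None

def inbound_through(path, pkt):
    for dev in reversed(path):            # outside -> inside
        pkt = pkt and dev.inbound(pkt)
    return pkt

def round_trip(path, client_ip):
    """Return (source address the server sees, whether its reply reaches the client)."""
    p = Packet(client_ip, 51000, SERVER, 80)
    for dev in path:                      # inside -> outside
        p = dev.outbound(p)
    reply = inbound_through(path, Packet(p.dst, p.dport, p.src, p.sport))
    return p.src, reply is not None and reply.dst == client_ip

def unsolicited_delivered(path, visible_ip, port=445):
    return inbound_through(path, Packet(SERVER, 33333, visible_ip, port)) is not None
```

In every design some address is visible to the server; what protects the inside host is that a packet with no matching outbound flow never gets through.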


