RE: Company Firewall's IP Address

From: Benjamin Meade (ben@lanwest.com.au)
Date: 11/22/02

    From: "Benjamin Meade" <ben@lanwest.com.au>
    To: <security-basics@securityfocus.com>
    Date: Fri, 22 Nov 2002 08:47:24 +0800
    
    

    I may be reading this wrong, but if the firewall responds to arp
    requests for 10.1.1.1 then this is effectively the firewall's IP address
    and will have the same effect as knowing whatever the real address is.

    Benjamin Meade
    Systems Administrator
    LanWest Pty Ltd

    -----Original Message-----
    From: Eric Schroeder [mailto:ericschroeder@satel.com]
    Sent: Tuesday, 19 November 2002 6:01 AM
    To: Bill Hamel
    Cc: cisaca-l@purdue.edu; Leonard.Ong@nokia.com; Meritt James;
    security-basics@securityfocus.com; shuffle3@insightbb.com;
    tonytorri@yahoo.com
    Subject: Re: Company Firewall's IP Address

    You just have to configure ARP properly.

    For example----

    Internet Router     Firewall        End User
    10.1.1.254          10.1.1.58       192.168.1.51
                        192.168.1.1

    You could use NAT on the firewall to hide everyone behind the IP address
    10.1.1.1. Then you would have to configure the firewall to respond to arp
    requests for 10.1.1.1, or you would have to configure the internet router
    with a static arp entry for 10.1.1.1. But no one ever needs to know the
    actual IP address of the firewall.

    FWIW,

    Eric Schroeder
    Satel Corporation

    Bill Hamel <billh@bugs.hamel.net>
    11/15/2002 08:42 PM

     
            To: Meritt James <meritt_james@bah.com>
            cc: Leonard.Ong@nokia.com, <shuffle3@insightbb.com>,
    <tonytorri@yahoo.com>,
    <security-basics@securityfocus.com>, <cisaca-l@purdue.edu>
            Subject: Re: Company Firewall's IP Address

    Then routing wise, how do the packets find their way back to the firewall
    if they don't know the source IP?

    On Fri, 15 Nov 2002, Meritt James wrote:

    > Such is not the case. I've done otherwise.
    >
    > Bill Hamel wrote:
    > >
    > > Unless I am missing something in the question, no matter what you do,
    > > what/whoever you connect to through a firewall will always know the IP
    > > address of the trusted interface of the firewall.
    > >
    > > -bh
    > >
    > > On Wed, 13 Nov 2002, Meritt James wrote:
    > >
    > > > "an" IP Address - not necessarily the originating individual. There are
    > > > a LOT of ways around that.
    > > >
    > > > Jim
    > > >
    > > > Leonard.Ong@nokia.com wrote:
    > > >
    > > > > There is nothing new about finding your IP Address and displaying it
    > > > > on the web page.
    > > >
    > > > --
    > > > James W. Meritt CISSP, CISA
    > > > Booz | Allen | Hamilton
    > > > phone: (410) 684-6566
    > > >
    >
    > --
    > James W. Meritt CISSP, CISA
    > Booz | Allen | Hamilton
    > phone: (410) 684-6566
    >
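The ARP exchange the thread describes, as an added example that is not part of any message above: the router asks who has 10.1.1.1, and the firewall replies only when it is configured to answer for the NAT hide address. The IP addresses are the thread's; the MAC addresses and function names are constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"

FW_MAC = bytes.fromhex("02005e000058")      # constructed MAC
ROUTER_MAC = bytes.fromhex("02005e0000fe")  # constructed MAC
FW_OWN_IP = "10.1.1.58"    # firewall's actual outside address
NAT_HIDE_IP = "10.1.1.1"   # address everyone is hidden behind
ROUTER_IP = "10.1.1.254"

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte Ethernet/IPv4 ARP payload."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(spa), tha, socket.inet_aton(tpa))

def firewall_arp_responder(payload, answer_for):
    """Return an ARP reply if the request targets an address we answer for."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None  # truncated frame
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None  # not an Ethernet/IPv4 ARP request
    target = socket.inet_ntoa(tpa)
    if target not in answer_for:
        return None  # stay silent, the requester gets no mapping
    # The reply carries the firewall's own MAC as the sender hardware address.
    return build_arp(ARP_REPLY, FW_MAC, target, sha, socket.inet_ntoa(spa))

def router_resolve(ip, answer_for):
    """MAC the router would cache for ip, or None if nobody answers."""
    request = build_arp(ARP_REQUEST, ROUTER_MAC, ROUTER_IP, b"\x00" * 6, ip)
    reply = firewall_arp_responder(request, answer_for)
    if reply is None:
        return None
    return struct.unpack(ARP_FMT, reply)[5]  # sender hardware address

if __name__ == "__main__":
    configs = [("own address only", {FW_OWN_IP}),
               ("own + NAT hide address", {FW_OWN_IP, NAT_HIDE_IP})]
    for label, answer_for in configs:
        mac = router_resolve(NAT_HIDE_IP, answer_for)
        print(label, "->", mac.hex(":") if mac else "no reply, return traffic is undeliverable")
```

With the hide address answered, the router caches the same MAC for 10.1.1.1 as for 10.1.1.58, so on that segment the two addresses resolve to one device.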


