Re: Possibility of routing through internet with private IP address

From: Ivan Coric (ivan.coric_at_workcoverqld.com.au)
Date: 10/17/03

  • Next message: Tsai Li Ming: "RE: Checksum for Windows 2000 CD" 
    Date: Fri, 17 Oct 2003 10:14:26 +1000
To: <ebone@DotsAndLoops.net>, <security-basics@securityfocus.com>

    Hi e,
    easy way, call your T1 Provider, talk to the Tech department and get them to email you a response.

    As for the Netscreen, its a Certified Firewall Product Vendor, by http://www.icsalabs.com
    http://www.icsalabs.com/html/communities/firewalls/newsite/certification//vendors_4/NetScreen/index.shtml

    Regards
    Ivan

    Ivan Coric
    IT Technical Security Officer
    Information Technology
    WorkCover Queensland
    Ph: (07) 30066414 Fax: (07) 30066424
    Email: ivan.coric@workcoverqld.com.au

    >>> e-bone <ebone@DotsAndLoops.net> 10/17/03 02:00am >>>
    Hi,
    We have the following VPN/Firewall setup:

    WAN -- T1 router -- netscreen(VPN) -- SonicWall(Firewall) -- LAN

    NAT takes place at the SonicWall.

    VPN tunnels from the WAN side end at the netscreen.
    VPN users receive a "virtual" IP address of 172.31.1.*,
    172.31.2.* , etc ...

    The SonicWall has rules allowing in these private address ranges.

    Now, the question ....
    My (doofus) boss seems to think that it is possible that somebody
    could come into our LAN from the WAN side with one of these private IP
    addresses ?
    I tend to think this is complete hogwash (or bollocks if you prefer).

    Is there anyway someone can route through the internet (WAN) with a
    private IP address, and have the packets routed back to them properly ?

    For the purposes of answering the question, disregard for the moment
    that we could set up the netscreen with policies requiring these private
    IP ranges to be tunneled .... my boss for some inexplicable reason
    has no faith in this device ... that is the whole reason we still
    have the SonicWall around too.

    Any tips, hints, or gibberish of any kind welcome.

    cheers,
    e

    ---------------------------------------------------------------------------
    FREE Whitepaper: Better Management for Network Security

    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    networks
    - Quickly respond to network events from a central console

    Download our FREE whitepaper at:
    http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
    ----------------------------------------------------------------------------

    ***************************************************************************
    Messages included in this e-mail and any of its attachments are those
    of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times.
    This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified.
    This e-mail has been scanned by Sophos for known viruses.
    However, no warranty nor liability is implied in this respect.
    **********************************************************************

    ---------------------------------------------------------------------------
    FREE Whitepaper: Better Management for Network Security

    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    networks
    - Quickly respond to network events from a central console

    Download our FREE whitepaper at:
    http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
    ----------------------------------------------------------------------------

  • Next message: Tsai Li Ming: "RE: Checksum for Windows 2000 CD"

    Relevant Pages

    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz2000)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.windows.server.sbs)
    • Re: Firewall Suggestions
      ... servers on a peer to peer network topology. ... > to access the other computers across the network. ... enough security without adding a software firewall. ... it was before the security craze of recent. ...
      (comp.security.firewalls)
    • RE: Can I update a new patch for the whole windows computers of m
      ... > FREE Whitepaper: Better Management for Network Security ... > - Ensure robust IP security through policy-based management ...
      (Security-Basics)