mailing list archives
RE: Company Firewall's IP Address
From: "Vince Hillier" <vdh () plutonium homeunix com>
Date: Wed, 13 Nov 2002 16:33:31 -0800
-----BEGIN PGP SIGNED MESSAGE-----
vdh () plutonium homeunix com
|From: tony tony [mailto:tonytorri () yahoo com]
|Sent: Tuesday, November 12, 2002 2:09 PM
|To: security-basics () securityfocus com; Cisaca
|Subject: Company Firewall's IP Address
|I was doing security research on the internet at work yesterday....when all
|a sudden I got a pop up advertisement that stated that I was broadcasting
|address to the entire internet. It then showed a screen with my IP address
|which was the the external IP interface of one of our companies firewalls.
So I assume you route through the firewall machine.
|It just bothers me that someone would be able to determine the IP address
|our firewall that easily. It seems to me that our firewall should operate
|more stealth mode.
Why does it bother you? You can connect to their server, but they cannot identify you? Hmm... that would probably
bother them, especially if you were up to no good.
|Our firewall administrator said it is not technically
|possible to do this.
Is he/she for real? Of course it is technically possible to identify machine IPs is they are connecting to your
webserver, I really hope he/she means it is not possible to determine the internal IP that the request originated from,
if not, then you need a new firewall administrator.
|What is your take?.I am not a checkpoint firewall
|I do not know. All I know is that if I was a hacker, I would love to
|away on an ip address that represented a firewall.
That's probably the stupidest thing you could do, unless you want to get caught, of course. Firewall are generally
monitored, unless your firewall administrator thinks it's impossible for someone to determine the IP of the machine,
then you're, well, hopeless.
|Click on the following to learn more about this pop up site.
In closing, that site simply returned the $REMOTE_ADDR (address that requested the document on their site). There is
nothing fishy about this, every site you visit can tell you that IP so long as you route through it. Seriously, if
your fw techie thinks it's impossible to get the IP of that machine, your company should immediately reconsider his/her
qualifications, and perhaps put him/her in, oh say... a data entry position.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta
-----END PGP SIGNATURE-----