Home page logo

basics logo Security Basics mailing list archives

RE: Company Firewall's IP Address
From: "Vince Hillier" <vdh () plutonium homeunix com>
Date: Wed, 13 Nov 2002 16:33:31 -0800

Hash: SHA1

Comments below...

Vince Hillier
vdh () plutonium homeunix com

|-----Original Message-----
|From: tony tony [mailto:tonytorri () yahoo com]
|Sent: Tuesday, November 12, 2002 2:09 PM
|To: security-basics () securityfocus com; Cisaca
|Subject: Company Firewall's IP Address
|I was doing security research on the internet at work yesterday....when all
|a sudden I got a pop up advertisement that stated that I was broadcasting
|my IP
|address to the entire internet.  It then showed a screen with my IP address
|which was the the external IP interface of one of our companies firewalls.

So I assume you route through the firewall machine.

|It just bothers me that someone would be able to determine the IP address
|our firewall that easily.  It seems to me that our firewall should operate
|in a
|more stealth mode.  

Why does it bother you?  You can connect to their server, but they cannot identify you? Hmm... that would probably 
bother them, especially if you were up to no good.

|Our firewall administrator said it is not technically
|possible to do this.  

Is he/she for real?  Of course it is technically possible to identify machine IPs is they are connecting to your 
webserver, I really hope he/she means it is not possible to determine the internal IP that the request originated from, 
if not, then you need a new firewall administrator.

|What is your take?.I am not a checkpoint firewall
|I do not know.   All I know is that if I was a hacker, I would love to
|away on an ip address that represented a firewall.

That's probably the stupidest thing you could do, unless you want to get caught, of course.  Firewall are generally 
monitored, unless your firewall administrator thinks it's impossible for someone to determine the IP of the machine, 
then you're, well, hopeless.

|Click on the following to learn more about this pop up site.

In closing, that site simply returned the $REMOTE_ADDR (address that requested the document on their site).  There is 
nothing fishy about this, every site you visit can tell you that IP so long as you route through it.  Seriously, if 
your fw techie thinks it's impossible to get the IP of that machine, your company should immediately reconsider his/her 
qualifications, and perhaps put him/her in, oh say... a data entry position.

Version: PGP 8.0 (Build 349) Beta


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]