mailing list archives
RE: Company Firewall's IP Address
From: "Vince Hillier" <vdh () plutonium homeunix com>
Date: Wed, 13 Nov 2002 23:20:35 -0800
-----BEGIN PGP SIGNED MESSAGE-----
My regrets on my message posted on this topic, I misread what you had said, the message is not currently on the list
yet, but I go on to say your firewall admin is basically incompetent, but apparently, I am :)
I thought you were saying that your fw admin claims there was no way for an external site to obtain the firewall IP.
vdh () plutonium homeunix com
|From: Edward N Schofield [mailto:shuffle3 () insightbb com]
|Sent: Tuesday, November 12, 2002 4:47 PM
|To: tony tony
|Cc: security-basics () securityfocus com; Cisaca
|Subject: Re: Company Firewall's IP Address
|Yes, that is a lousy advertisement designed to panic people into
|stampeding to their site. I got the same message on my home PC. The sad
|fact is that I agree with your IT manager. If you're going to do any
|communication with the world, you have to have someplace for the world
|to send messages to. There has to be an external IP address. What
|Checkpoint does is screen what comes into your organization from your
|external interface. You would have to look at your Checkpoint rule base
|to determine the sites it is blocking, if any. Most organizations let
|email come through the firewall to the corporate users and let them use
|the delete button. There are some commercial services that you can
|subscribe to in order to block categories of sites, but you pay good
|bucks to them for taking your headaches. Yes, this is how worms like
|Klez and viruses get around companies so quickly, but try to sell
|executive management on restricting their email access.
|tony tony wrote:
|>I was doing security research on the internet at work yesterday....when
|>a sudden I got a pop up advertisement that stated that I was broadcasting
|>address to the entire internet. It then showed a screen with my IP
|>which was the the external IP interface of one of our companies firewalls.
|>It just bothers me that someone would be able to determine the IP address
|>our firewall that easily. It seems to me that our firewall should operate
|>more stealth mode. Our firewall administrator said it is not technically
|>possible to do this. What is your take?.I am not a checkpoint firewall
|>I do not know. All I know is that if I was a hacker, I would love to
|>away on an ip address that represented a firewall.
|>Click on the following to learn more about this pop up site.
|>Do you Yahoo!?
|>U2 on LAUNCH - Exclusive greatest hits videos
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta
-----END PGP SIGNATURE-----