mailing list archives
Re: Company Firewall's IP Address
From: "Eric Schroeder" <ericschroeder () satel com>
Date: Wed, 13 Nov 2002 14:54:20 -0700
Most people configure their firewalls to hide all of the addresses behind
the firewall using the firewall's IP address. This does pose certain
security concerns as far as information gathering goes. But there are
other ways to determine firewall IP addresses. But there are ways to
overcome this to make life more difficult for hackers.
This is easily overcome on a Checkpoint firewall by using a different
valid address to hide everyone behind. Then you have to have either a
route to the firewall for the valid address or configure the host
operating system to arp for the new address, depending on your
Also possible is masking different departments of a large organization
behind different IP addresses at the firewall. For example, if the
external IP address of the firewall is x.x.x.1, then you could make the
accounting department x.x.x.2, development department to x.x.x.3, etc.
(Note - this will only work if you have these departments subnetted behind
the firewall, i.e. accounting is all using IP addresses in the 10.1.1.x
network, development is all using IP addresses in the 10.1.2.x network,
etc.) This allows you to more easily determine where traffic from inside
your network is coming from when questioned from an outside source. (For
example, someone reports that you have been compromised with the Code Red
tony tony <tonytorri () yahoo com>
11/12/2002 03:09 PM
To: security-basics () securityfocus com, Cisaca <cisaca-l () purdue edu>
Subject: Company Firewall's IP Address
I was doing security research on the internet at work yesterday....when
a sudden I got a pop up advertisement that stated that I was broadcasting
address to the entire internet. It then showed a screen with my IP
which was the external IP interface of one of our company's firewalls.
It just bothers me that someone would be able to determine the IP address
our firewall that easily. It seems to me that our firewall should operate
more stealth mode. Our firewall administrator said it is not technically
possible to do this. What is your take?? I am not a checkpoint firewall
I do not know. All I know is that if I was a hacker, I would love to
away on an ip address that represented a firewall.
Click on the following to learn more about this pop up site.
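The per-department hide addresses described in the reply above, worked through as an added example that is not part of the original thread and is not Check Point configuration. It checks a hide-NAT plan for the conditions the reply names (a hide address other than the firewall's own, one address per department, separately subnetted departments) and maps the source address in an outside report back to a department. The 203.0.113.0/24 range stands in for the post's x.x.x.N addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed plan: 203.0.113.N stands in for the x.x.x.N addresses in the post.
FIREWALL_IP = ipaddress.ip_address("203.0.113.1")
HIDE_NAT = {
    # department: (internal subnet, external hide address)
    "accounting":  ("10.1.1.0/24", "203.0.113.2"),
    "development": ("10.1.2.0/24", "203.0.113.3"),
}

def validate_plan(firewall_ip, plan):
    """Return a list of problems that defeat the scheme described in the reply."""
    problems = []
    nets = {dept: ipaddress.ip_network(net) for dept, (net, _) in plan.items()}
    seen = {}  # hide address -> first department using it
    for dept, (_, hide) in plan.items():
        hide_ip = ipaddress.ip_address(hide)
        if hide_ip == firewall_ip:
            problems.append(f"{dept}: hidden behind the firewall's own address")
        if hide_ip in seen:
            problems.append(f"{dept}: shares {hide} with {seen[hide_ip]}")
        seen.setdefault(hide_ip, dept)
    depts = sorted(nets)
    for i, a in enumerate(depts):
        for b in depts[i + 1:]:
            # Overlapping subnets mean the departments are not really separated.
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: internal subnets overlap")
    return problems

def attribute(reported_ip, plan):
    """Map the source address from an outside report to (department, subnet)."""
    reported = ipaddress.ip_address(reported_ip)
    for dept, (net, hide) in plan.items():
        if ipaddress.ip_address(hide) == reported:
            return dept, ipaddress.ip_network(net)
    return None  # not one of the hide addresses in this plan

if __name__ == "__main__":
    print(validate_plan(FIREWALL_IP, HIDE_NAT))
    print(attribute("203.0.113.3", HIDE_NAT))
```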