RE: Company Firewall's IP Address
From: Louis Erickson <LErickson () ariba com>
Date: Thu, 14 Nov 2002 14:02:59 -0800
From: Vince Hillier [mailto:vdh () plutonium homeunix com]
|From: tony tony [mailto:tonytorri () yahoo com]
|Sent: Tuesday, November 12, 2002 2:09 PM
|To: security-basics () securityfocus com; Cisaca
|Subject: Company Firewall's IP Address
|I was doing security research on the internet at work
|a sudden I got a pop up advertisement that stated that I was
|address to the entire internet. It then showed a screen with my IP address
|which was the external IP interface of one of our
So I assume you route through the firewall machine.
You are broadcasting an IP to the internet; that of your firewall. Many
things you do on the Internet - HTTP among them - require a bidirectional
link, which means that both sides need to know the IP address of the other.
Anything using TCP and actually working probably does.
Your machine's internal IP wasn't broadcast; your office's firewall or NAT
gateway or some other machine's was. This is normal.
Hopefully, that machine is monitored, and well maintained, so hacking it
won't be easy or fruitful.
If you're not aware of how IP connections like your web server work, you're
right to be trying to learn more, and you might look for a basic book on
networking. I don't have any really good recommendations, but others here
|It just bothers me that someone would be able to determine the IP address
|our firewall that easily. It seems to me that our firewall
|more stealth mode.
Why does it bother you? You can connect to their server, but
they cannot identify you? Hmm... that would probably bother
them, especially if you were up to no good.
That's true. It's also true that that's how common protocols on the
Internet work. There needs to be an IP address of some sort; your firewall
gets that honor. Don't worry about that so much.
|Our firewall administrator said it is not technically
|possible to do this.
Is he/she for real? Of course it is technically possible to
identify machine IPs if they are connecting to your
webserver, I really hope he/she means it is not possible to
determine the internal IP that the request originated from,
if not, then you need a new firewall administrator.
Vince, I read that to mean, "Our firewall administrator said it is not
technically possible to hide the IP address of our firewall" instead of "it
is not possible to identify machines".
That's a very different statement, to which your reply isn't correct.
|What is your take? I am not a checkpoint firewall
|I do not know. All I know is that if I was a hacker, I would love to
|away on an ip address that represented a firewall.
That's probably the stupidest thing you could do, unless you
want to get caught, of course. Firewalls are generally
monitored, unless your firewall administrator thinks it's
impossible for someone to determine the IP of the machine,
then you're, well, hopeless.
Knowing someone's firewall's address is of only limited use. Don't worry
|Click on the following to learn more about this pop up site.
In closing, that site simply returned the $REMOTE_ADDR
(address that requested the document on their site). There
is nothing fishy about this, every site you visit can tell
you that IP so long as you route through it. Seriously, if
your fw techie thinks it's impossible to get the IP of that
machine, your company should immediately reconsider his/her
qualifications, and perhaps put him/her in, oh say... a data
But, as seems likely from here, they did answer the question asked, but
perhaps simplified or you simplified, and Vince perhaps misunderstood.
Normally, an IP address goes out over the 'Net, and normally that address is
correct. Nothing to worry about.
It is possible to build a firewall with no IP address at all, but I don't
think that firewall can do all of the things a typical one can and so may
not be appropriate for your environment. (Google for "bridging firewall" if
you're curious.) Even with one of these, there will be an IP address sent
to the other side; it won't be the firewall's IP address, but that of
something behind it, which is actually scarier than the firewall's IP going
IT Tools Developer
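
The point made in the thread above, that a site only ever sees the address of whatever machine opened the TCP connection to it, shown as an added example that is not part of the original messages. A loopback relay stands in for the firewall/NAT gateway (an assumption: a real NAT rewrites packets rather than proxying, but the far end's view is the same), and all function names are illustrative.

```python
import socket
import threading

def listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    s.listen(1)
    return s

def read_all(sock):
    """Read until the peer closes the connection."""
    return b"".join(iter(lambda: sock.recv(64), b""))

def serve_once(listener, handler):
    """Accept one connection and pass it, with the peer address, to handler."""
    def run():
        conn, peer = listener.accept()
        with conn:
            handler(conn, peer)
    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t

def demo():
    """Return (client_addr, gateway_addr, addr_reported_by_site)."""
    seen = {}
    site_sock, gw_sock = listen(), listen()
    def site(conn, peer):
        # The "pop-up site": echo the TCP peer address, i.e. REMOTE_ADDR.
        conn.sendall(f"{peer[0]}:{peer[1]}".encode())

    def gateway(conn, peer):
        # Stand-in for the firewall/NAT box: the onward connection is its own.
        with socket.create_connection(site_sock.getsockname()) as out:
            seen["gateway"] = out.getsockname()
            conn.sendall(read_all(out))

    threads = [serve_once(site_sock, site), serve_once(gw_sock, gateway)]
    with socket.create_connection(gw_sock.getsockname()) as client:
        seen["client"] = client.getsockname()
        ip, port = read_all(client).decode().rsplit(":", 1)
    for t in threads:
        t.join()
    site_sock.close()
    gw_sock.close()
    return seen["client"], seen["gateway"], (ip, int(port))

if __name__ == "__main__":
    print(dict(zip(("client", "gateway", "site saw"), demo())))
```

The address the site reports matches the gateway's outbound socket, not the client's own socket, which is why the pop-up could show the firewall's external address and nothing about the machine behind it.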