Home page logo
/

basics logo Security Basics mailing list archives

Re: Company Firewall's IP Address
From: "Bradley D. Moore" <brad.moore () circlecity net>
Date: Fri, 15 Nov 2002 13:04:21 -0500

If the IP address shown was that of your firewall, then your firewall must be 
running NAT.  If this is the case, then your network admin is correct.  Fir 
the firewall to be more stealthy, it would need to be running in bridged (not 
routed) mode, which precludes the use of NAT and requires a) your machine have 
a globally unique IP address ( in which case *that* would have been the 
address shown), or b) some other (routing) device run NAT.  

An important point Steve makes is that SOME IP address must always be known to 
any host you connect to, or communications cannot occur.  Which address(es) 
are divulged is entierly a question of network design.


-------------------------------------
If I were to walk on water, the press would say I'm only doing it
because I can't swim.
                -- Bob Stanfield
-------------------------------------
Bradley D. Moore, CNE, CCNE, CCNA
brad.moore () circlecity net
317-331-7168
-------------------------------------
PGP Public Key: http://www.circlecity.net/brad.moore.asc
PGP Fingerprint: 347D 05BB 56D4 0675 5D2C F3A6 42AA B1B0 F4BD 610B



---------- Original Message -----------
From: Steve Cooper <steve () nuclear-monkeys co uk>
To: tony tony <tonytorri () yahoo com>
Sent: 13 Nov 2002 21:40:17 +0000
Subject: Re: Company Firewall's IP Address

On Tue, 2002-11-12 at 22:09, tony tony wrote:
I was doing security research on the internet at work yesterday....when 
all of
a sudden I got a pop up advertisement that stated that I was broadcasting 
my IP
address to the entire internet.  It then showed a screen with my IP address
which was the the external IP interface of one of our companies firewalls. 

It just bothers me that someone would be able to determine the IP address 
of
our firewall that easily.  It seems to me that our firewall should operate 
in a
more stealth mode.  Our firewall administrator said it is not technically
possible to do this.  What is your take?…I am not a checkpoint firewall 
guru…so
I do not know.   All I know is that if I was a hacker, I would love to 
hammer
away on an ip address that represented a firewall. 

Click on the following to learn more about this pop up site. 

http://www.bonzi.com/internetalert/ia99m.asp


__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2


Your admins right, your IP has to be known in order for information to
be returned from the internet to you and a companys external IP's are
easy to find with legal tools and websites like samspade.org or whois
queries with domain registrars.
It's the ports that are open on your IP address that are the real
danger, in order to hack your PC an attacker will need some ports open
so they can send information through those ports. If your firewall is
securely configured and you don't host any web or mail servers that
allow trafic inside then you should be ok.
------- End of Original Message -------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault