Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] advertising private IP numbers?

From: Carric Dooley <carric () COM2USA COM>
Date: Fri, 22 Dec 2000 15:49:19 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason is correct.  Packet filtering firewalls route, but proxies do not.
The proxy essentially tears the packet down on one side, and then rebuilds
it on the other.  To use a (bad) example, when configuring an MS Proxy
server, you disable routing so the app proxy cannot be bypassed (via
routing anyway -- or at least that is the intended effect).


Carric Dooley
Senior Consultant
COM2:Interactive Media

"But this one goes to eleven."
- -- Nigel Tufnel


On Fri, 22 Dec 2000, Jason Paulson wrote:


** Well, by definition, a Proxy/Firewall has to have ip forwarding turned
** on

This is not true.
There are a large number of 'Proxy/Firewall's that do not use ip forwarding.
Take a look at the Application Proxies on the market.

Jason



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Made with pgp4pine 1.75-6

iQA/AwUBOkO+X1UqWOkDpMZ2EQJCFwCcDBUgjsQ5DP7gS2sauTgLEiIxVKEAoLj0
iD8NZ2IXOv14KSuZ+MdtBDHE
=SqlJ
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: