Security Basics mailing list archives

RE: Company Firewall's IP Address


From: "Vince Hillier" <vdh () plutonium homeunix com>
Date: Wed, 13 Nov 2002 16:33:31 -0800

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Comments below...

Vince Hillier
vdh () plutonium homeunix com
http://plutonium.homeunix.com


|-----Original Message-----
|From: tony tony [mailto:tonytorri () yahoo com]
|Sent: Tuesday, November 12, 2002 2:09 PM
|To: security-basics () securityfocus com; Cisaca
|Subject: Company Firewall's IP Address
|
|I was doing security research on the internet at work yesterday....when all of
|a sudden I got a pop up advertisement that stated that I was broadcasting my IP
|address to the entire internet.  It then showed a screen with my IP address
|which was the external IP interface of one of our company's firewalls.

So I assume you route through the firewall machine.

|It just bothers me that someone would be able to determine the IP address of
|our firewall that easily.  It seems to me that our firewall should operate in a
|more stealth mode.

Why does it bother you?  You can connect to their server, but they cannot identify you? Hmm... that would probably bother them, especially if you were up to no good.

|Our firewall administrator said it is not technically
|possible to do this.  

Is he/she for real?  Of course it is technically possible to identify machine IPs if they are connecting to your webserver. I really hope he/she means it is not possible to determine the internal IP that the request originated from; if not, then you need a new firewall administrator.

|What is your take? I am not a checkpoint firewall guru, so
|I do not know.   All I know is that if I was a hacker, I would love to hammer
|away on an ip address that represented a firewall.

That's probably the stupidest thing you could do, unless you want to get caught, of course.  Firewalls are generally monitored, unless your firewall administrator thinks it's impossible for someone to determine the IP of the machine, then you're, well, hopeless.

|Click on the following to learn more about this pop up site.
|
|http://www.bonzi.com/internetalert/ia99m.asp

In closing, that site simply returned the $REMOTE_ADDR (address that requested the document on their site).  There is nothing fishy about this; every site you visit can tell you that IP so long as you route through it.  Seriously, if your fw techie thinks it's impossible to get the IP of that machine, your company should immediately reconsider his/her qualifications, and perhaps put him/her in, oh say... a data entry position.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta

iQA/AwUBPdLvW0BtW3tWqkVxEQJ5JACg2UJqwSadmvY8uammnTAfVHwVgZ4An3J1
DE/XzW8PwExVUsCp+Xg7pjhC
=KjxE
-----END PGP SIGNATURE-----
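
The behaviour described in the message above, as an added example that is not part of the original post: a site that reports the peer address of the TCP connection (what CGI exposes as `$REMOTE_ADDR`) sees the firewall's outbound address, not the address of the inside host. All function names are hypothetical, and the "firewall" is a simple loopback relay standing in for NAT, so only the port differs between the two sides.

```python
import socket
import threading

def _read_all(sock):
    """Read until the peer closes the connection."""
    chunks = []
    while data := sock.recv(1024):
        chunks.append(data)
    return b"".join(chunks)

def _fmt(addr):
    return f"{addr[0]}:{addr[1]}"

def start_site():
    """Site stand-in: answers with the peer address of the TCP connection."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, peer = srv.accept()  # peer is the REMOTE_ADDR value (plus port)
            with conn:
                conn.sendall(_fmt(peer).encode())
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def start_firewall(site):
    """Firewall stand-in: takes an inside connection, opens its own outbound one."""
    fw = socket.create_server(("127.0.0.1", 0))
    outbound = []  # source addresses the firewall used toward the site
    def serve():
        while True:
            inside, _ = fw.accept()
            with inside, socket.create_connection(
                    site, source_address=("127.0.0.1", 0)) as out:
                outbound.append(_fmt(out.getsockname()))
                inside.sendall(_read_all(out))
    threading.Thread(target=serve, daemon=True).start()
    return fw.getsockname(), outbound

def ask(addr):
    """Client: returns (its own socket address, the address the site reported)."""
    with socket.create_connection(addr) as c:
        return _fmt(c.getsockname()), _read_all(c).decode()

if __name__ == "__main__":
    site = start_site()
    fw, outbound = start_firewall(site)
    print("direct:       client=%s  site saw=%s" % ask(site))
    print("via firewall: client=%s  site saw=%s" % ask(fw))
```
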


