Security Basics mailing list archives
RE: Company Firewall's IP Address
From: "Vince Hillier" <vdh () plutonium homeunix com>
Date: Wed, 13 Nov 2002 16:33:31 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Comments below... Vince Hillier vdh () plutonium homeunix com http://plutonium.homeunix.com |-----Original Message----- |From: tony tony [mailto:tonytorri () yahoo com] |Sent: Tuesday, November 12, 2002 2:09 PM |To: security-basics () securityfocus com; Cisaca |Subject: Company Firewall's IP Address | |I was doing security research on the internet at work yesterday....when all |of |a sudden I got a pop up advertisement that stated that I was broadcasting |my IP |address to the entire internet. It then showed a screen with my IP address |which was the the external IP interface of one of our companies firewalls. So I assume you route through the firewall machine. |It just bothers me that someone would be able to determine the IP address |of |our firewall that easily. It seems to me that our firewall should operate |in a |more stealth mode. Why does it bother you? You can connect to their server, but they cannot identify you? Hmm... that would probably bother them, especially if you were up to no good. |Our firewall administrator said it is not technically |possible to do this. Is he/she for real? Of course it is technically possible to identify machine IPs is they are connecting to your webserver, I really hope he/she means it is not possible to determine the internal IP that the request originated from, if not, then you need a new firewall administrator. |What is your take?.I am not a checkpoint firewall |guru.so |I do not know. All I know is that if I was a hacker, I would love to |hammer |away on an ip address that represented a firewall. That's probably the stupidest thing you could do, unless you want to get caught, of course. Firewall are generally monitored, unless your firewall administrator thinks it's impossible for someone to determine the IP of the machine, then you're, well, hopeless. |Click on the following to learn more about this pop up site. | |http://www.bonzi.com/internetalert/ia99m.asp In closing, that site simply returned the $REMOTE_ADDR (address that requested the document on their site). There is nothing fishy about this, every site you visit can tell you that IP so long as you route through it. Seriously, if your fw techie thinks it's impossible to get the IP of that machine, your company should immediately reconsider his/her qualifications, and perhaps put him/her in, oh say... a data entry position. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 (Build 349) Beta iQA/AwUBPdLvW0BtW3tWqkVxEQJ5JACg2UJqwSadmvY8uammnTAfVHwVgZ4An3J1 DE/XzW8PwExVUsCp+Xg7pjhC =KjxE -----END PGP SIGNATURE-----
Current thread:
- Company Firewall's IP Address tony tony (Nov 13)
- RE: Company Firewall's IP Address Michael S Hines (Nov 13)
- Re: Company Firewall's IP Address Edward N Schofield (Nov 13)
- RE: Company Firewall's IP Address Vince Hillier (Nov 15)
- RE: Company Firewall's IP Address Vince Hillier (Nov 14)
- Re: Company Firewall's IP Address Eric Balsa (Nov 14)
- Re: Company Firewall's IP Address Mike Dresser (Nov 14)
- RE: Company Firewall's IP Address Bill Lavalette (Nov 14)
- Re: Company Firewall's IP Address David J. Bianco (Nov 14)
- Re: Company Firewall's IP Address Bill Hamel (Nov 16)
- Re: Company Firewall's IP Address Igor' Spivak (Nov 14)
- Re: Company Firewall's IP Address John Jasen (Nov 15)
- RE: Company Firewall's IP Address Rick Darsey (Nov 15)
- Re: Company Firewall's IP Address Steve Cooper (Nov 15)
- Re: Company Firewall's IP Address Bradley D. Moore (Nov 17)
(Thread continues...)