Security Basics mailing list archives
Re: Company Firewall's IP Address
From: "Eric Schroeder" <ericschroeder () satel com>
Date: Wed, 13 Nov 2002 14:54:20 -0700
Most people configure their firewalls to hide all of the addresses behind the firewall using the firewall's IP address. This does pose certain security concerns as far as information gathering goes. But there are other ways to determine firewall IP addresses. But there are ways to overcome this to make life more difficult for hackers.

This is easily overcome on a Checkpoint firewall by using a different valid address to hide everyone behind. Then you have to have either a route to the firewall for the valid address or configure the host operating system to ARP for the new address, depending on your environment.

Also possible is masking different departments of a large organization behind different IP addresses at the firewall. For example, if the external IP address of the firewall is x.x.x.1, then you could make the accounting department x.x.x.2, development department to x.x.x.3, etc. (Note - this will only work if you have these departments subnetted behind the firewall, i.e. accounting is all using IP addresses in the 10.1.1.x network, development is all using IP addresses in the 10.1.2.x network, etc.) This allows you to more easily determine where traffic from inside your network is coming from when questioned from an outside source. (For example, someone reports that you have been compromised with the Code Red virus).

Good Luck,
Eric Schroeder
Satel Corporation

tony tony <tonytorri () yahoo com>
11/12/2002 03:09 PM
To: security-basics () securityfocus com, Cisaca <cisaca-l () purdue edu>
cc:
Subject: Company Firewall's IP Address

I was doing security research on the internet at work yesterday... when all of a sudden I got a pop up advertisement that stated that I was broadcasting my IP address to the entire internet. It then showed a screen with my IP address which was the external IP interface of one of our company's firewalls. It just bothers me that someone would be able to determine the IP address of our firewall that easily.
It seems to me that our firewall should operate in a more stealth mode. Our firewall administrator said it is not technically possible to do this. What is your take? I am not a Checkpoint firewall guru, so I do not know. All I know is that if I was a hacker, I would love to hammer away on an IP address that represented a firewall.

Click on the following to learn more about this pop up site.
http://www.bonzi.com/internetalert/ia99m.asp
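
An added illustration of the per-department hide-address scheme described in the reply above; it is not part of either message and is not Check Point configuration. It checks a department plan for the conditions the reply depends on (separate subnets, hide addresses distinct from the firewall's own), renders equivalent Linux iptables source-NAT rules as an analogue, and maps an externally reported address back to a department. Assumptions: 203.0.113.0/24 stands in for x.x.x.0, `eth0` is the outside interface, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample plan: 203.0.113.0/24 stands in for the post's x.x.x.0 network.
FIREWALL_IP = "203.0.113.1"
PLAN = {
    "accounting": ("10.1.1.0/24", "203.0.113.2"),
    "development": ("10.1.2.0/24", "203.0.113.3"),
}

def validate(plan, firewall_ip):
    """Return a list of problems that would break per-department attribution."""
    problems = []
    fw = ipaddress.ip_address(firewall_ip)
    items = [(d, ipaddress.ip_network(n), ipaddress.ip_address(h))
             for d, (n, h) in plan.items()]
    for i, (dept, net, hide) in enumerate(items):
        if hide == fw:
            problems.append(f"{dept}: hide address is the firewall's own address")
        for other, onet, ohide in items[i + 1:]:
            if net.overlaps(onet):
                problems.append(f"{dept}/{other}: internal subnets overlap")
            if hide == ohide:
                problems.append(f"{dept}/{other}: share one hide address")
    return problems

def snat_rules(plan, out_if="eth0"):
    """Render one source-NAT rule per department (iptables syntax, assumed analogue).
    Each hide address must still be routed to, or ARPed for by, the firewall."""
    return [f"iptables -t nat -A POSTROUTING -s {net} -o {out_if} "
            f"-j SNAT --to-source {hide}"
            for net, hide in plan.values()]

def attribute(plan, reported_ip):
    """Map an externally reported source address back to (department, subnet)."""
    addr = ipaddress.ip_address(reported_ip)
    for dept, (net, hide) in plan.items():
        if addr == ipaddress.ip_address(hide):
            return dept, net
    return None

if __name__ == "__main__":
    for problem in validate(PLAN, FIREWALL_IP):
        print("PROBLEM:", problem)
    for rule in snat_rules(PLAN):
        print(rule)
    print(attribute(PLAN, "203.0.113.3"))
```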