Security Basics mailing list archives
RE: Company Firewall's IP Address
From: "Benjamin Meade" <ben () lanwest com au>
Date: Fri, 22 Nov 2002 08:47:24 +0800
I may be reading this wrong, but if the firewall responds to arp requests for 10.1.1.1 then this is effectively the firewalls IP address and will have the same effect as knowing whatever the real address is. Benjamin Meade Systems Administrator LanWest Pty Ltd -----Original Message----- From: Eric Schroeder [mailto:ericschroeder () satel com] Sent: Tuesday, 19 November 2002 6:01 AM To: Bill Hamel Cc: cisaca-l () purdue edu; Leonard.Ong () nokia com; Meritt James; security-basics () securityfocus com; shuffle3 () insightbb com; tonytorri () yahoo com Subject: Re: Company Firewall's IP Address You just have to configure ARP properly. For example---- Internet Router Firewall End User 10.1.1.254 10.1.1.58 192.168.1.1 192.168.1.51 You could use NAT on the firewall to hide everyone behind the IP address 10.1.1.1. Then you would have to configure the firewall to respond to arp requests for 10.1.1.1, or you would have to configure the internet router with a static arp entry for 10.1.1.1. But no one ever needs to know the actual IP address of the firewall. FWIW, Eric Schroeder Satel Corporation Bill Hamel <billh () bugs hamel net> 11/15/2002 08:42 PM To: Meritt James <meritt_james () bah com> cc: Leonard.Ong () nokia com, <shuffle3 () insightbb com>, <tonytorri () yahoo com>, <security-basics () securityfocus com>, <cisaca-l () purdue edu> Subject: Re: Company Firewall's IP Address Then routing wise, how do the packets find their way back to the firewall if they don't know the source IP ? ? On Fri, 15 Nov 2002, Meritt James wrote:
Such is not the case. I've done otherwise. Bill Hamel wrote:Unless I am missing something in the question, no matter what you
do,
what/whoever you connect to through a firewall will always know the
IP
address of the the trusted interface of the firewall. -bh On Wed, 13 Nov 2002, Meritt James wrote:"an" IP Address - not necessarily the originating individual.
There are
a LOT of ways around that. Jim Leonard.Ong () nokia com wrote:There is nothing new about finding your IP Address and display
it on the web page.
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
Current thread:
- Re: Company Firewall's IP Address, (continued)
- Re: Company Firewall's IP Address Frederick Garbrecht (Nov 18)
- Re: Company Firewall's IP Address Andre Speelmans (Nov 19)
- Re: Company Firewall's IP Address Meritt James (Nov 18)
- Re: Company Firewall's IP Address Bill Hamel (Nov 22)
- query on firewall throughput..... SaiKrishna (Nov 18)
- Re: Company Firewall's IP Address Bill Hamel (Nov 19)
- RE: Company Firewall's IP Address Benjamin Meade (Nov 22)