Penetration Testing mailing list archives

Re: [PEN-TEST] advertising private IP numbers?


From: Dan Schleifer <dan () DEVIRTUS COM>
Date: Fri, 22 Dec 2000 11:54:25 -0500

"Barber, Chris" wrote:

> That or that IP forwarding is turned on on the Proxy/Firewall which is not a
> good idea.


Well, by definition, a Proxy/Firewall has to have IP forwarding turned
on, or else it would not achieve the desired effect of passing any
traffic.  What this person needs are rule sets on the firewall to allow
back connections in, but no externally initiated connections in.

The other question I have is why is this person using the reserved
address space on a non-stub network?  I assume the hops listed as '22'
and '23' are "real IPs" and are x'd out to protect the identity of the
network.  If this is the case, I wonder why they'd route real IPs
through a NAT'd network....

-Dan


--
Dan Schleifer | 804.242.5088 | dan () soyjew com
                  Super Jew
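
The rule-set behaviour described in the message above (replies to internally initiated connections allowed in, externally initiated connections refused), as an added example that is not part of the original post. It is a Python model of a connection-tracking table, not any real firewall's code; the addresses, ports and the names Packet, StatefulFilter and verdicts are constructed, and NAT is left out to keep the state table readable.

```python
from dataclasses import dataclass, field

INSIDE, OUTSIDE = "inside", "outside"

@dataclass(frozen=True)
class Packet:
    iface: str                      # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags seen on this packet

@dataclass
class StatefulFilter:
    # Flows opened from the inside, stored as (src, sport, dst, dport).
    table: set = field(default_factory=set)

    def decide(self, p: Packet) -> str:
        if p.iface == INSIDE:
            # Internally initiated traffic is allowed out and remembered.
            self.table.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Arrived from outside: only the exact reverse of a tracked flow is a reply.
        flow = (p.dst, p.dport, p.src, p.sport)
        if flow not in self.table:
            return "DROP"             # externally initiated, or wrong port/peer
        if "RST" in p.flags:
            self.table.discard(flow)  # peer tore the connection down; forget it
        return "ACCEPT"

def verdicts(packets):
    """Run the packets, in order, through a fresh filter and return its decisions."""
    fw = StatefulFilter()
    return [fw.decide(p) for p in packets]

# Constructed sample traffic (RFC 1918 inside host, documentation-range peers).
SAMPLE = [
    Packet(INSIDE, "10.0.0.5", 40000, "192.0.2.10", 80, frozenset({"SYN"})),
    Packet(OUTSIDE, "192.0.2.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
    Packet(OUTSIDE, "198.51.100.7", 31337, "10.0.0.5", 22, frozenset({"SYN"})),
    Packet(OUTSIDE, "192.0.2.10", 80, "10.0.0.5", 40001, frozenset({"ACK"})),
    Packet(OUTSIDE, "192.0.2.10", 80, "10.0.0.5", 40000, frozenset({"RST"})),
    Packet(OUTSIDE, "192.0.2.10", 80, "10.0.0.5", 40000, frozenset({"ACK"})),
]

if __name__ == "__main__":
    for p, v in zip(SAMPLE, verdicts(SAMPLE)):
        print(v, p.iface, f"{p.src}:{p.sport} -> {p.dst}:{p.dport}", sorted(p.flags))
```

The fourth and sixth packets come from a peer the inside host really did contact, yet are dropped: one targets a port with no tracked flow, the other arrives after the RST removed the state.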

