Penetration Testing mailing list archives

Re: [PEN-TEST] advertising private IP numbers?


From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Fri, 22 Dec 2000 20:13:19 +0100

On Fri, 22 Dec 2000, Dan Schleifer wrote:

> "Barber, Chris" wrote:
>
> > That or that IP forwarding is turned on on the Proxy/Firewall which is not a
> > good idea.
>
> Well, by definition, a Proxy/Firewall has to have ip forwarding turned
> on, or else it would not achieve the desired effect of passing any
> traffic.  What this person needs are rule sets on the firewall to allow
> back connections in, but no externally initiated connections in.

Mind you.

While a non-proxying firewall will need to have IP forwarding, the use of a
proxying firewall is not to have the OS do the IP forwarding.

> The other question I have, is why is this person using the reserved
> address space on a non-stub network?  I assume the hops listed as '22'
> and '23' are "real IPs" and are x'd out to protect the identity of the
> network.  If this is the case, I wonder why they'd route real IP's
> through a NAT'd network....

Such is life on ADSL networks.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
This message has not been checked and may contain harmful content.
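
The situation discussed in this thread (reserved address space showing up on a transit segment rather than only at a stub end) can be checked on a path you operate. This is an added example, not part of the original message; the traceroute text is constructed, with documentation ranges standing in for the "real IPs", and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges: the "reserved address space" the thread refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hop number at line start, then the first dotted quad on the line.
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample output; hop 5 did not answer.
SAMPLE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max
 1  192.0.2.1  1.1 ms
 2  198.51.100.9  8.4 ms
 3  10.20.0.1  9.8 ms
 4  10.20.4.2  10.2 ms
 5  * * *
 6  203.0.113.80  15.0 ms
"""

def parse_hops(text):
    """Return [(hop_number, ip_address)] for the hops that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return hops

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def transit_private_hops(hops):
    """Hop numbers of RFC 1918 hops that are followed by a public hop,
    i.e. private space carrying traffic between public addresses."""
    last_public = max((i for i, (_, ip) in enumerate(hops)
                       if not is_rfc1918(ip)), default=-1)
    return [n for i, (n, ip) in enumerate(hops)
            if i < last_public and is_rfc1918(ip)]

if __name__ == "__main__":
    print(transit_private_hops(parse_hops(SAMPLE)))
```

A path that ends inside private space (a stub network) yields an empty list, since no public hop follows the private ones.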

