Security Basics mailing list archives
Re: Company Firewall's IP Address
From: Bill Hamel <billh () bugs hamel net>
Date: Thu, 14 Nov 2002 22:09:15 -0500 (EST)
Hi,

NAT does not reveal internal address space to external sources. The NAT device creates an Address Translation Table where it keeps track of each connection using source ports that 'it' assigns, and not internal IP addresses. Basically the table looks something like this:

Source Device   Source Port   NAT Device IP     NAT Assigned Source Port
192.168.1.1     412           209.195.210.222   2345
192.168.1.2     50            209.195.210.222   3456
192.168.1.3     3245          209.195.210.222   4567

The only information that is 'seen' by a device on the internet from the above table is the NAT Device IP and the NAT Assigned source port. The NAT device IP gives the destination a routable IP address to talk to, as well as the port. So even if all 3 devices above are connected to the same device out on the internet, the NAT device knows who gets which returning packet by the port it assigned to the conversation.

IMHO of course :)

-b

On 13 Nov 2002, David J. Bianco wrote:
> On Tue, 2002-11-12 at 17:09, tony tony wrote:
> > I was doing security research on the internet at work yesterday.... when all of a sudden I got a pop up advertisement that stated that I was broadcasting my IP address to the entire internet. It then showed a screen with my IP address which was the external IP interface of one of our company's firewalls. It just bothers me that someone would be able to determine the IP address of our firewall that easily. It seems to me that our firewall should operate in a more stealth mode. Our firewall administrator said it is not technically possible to do this. What is your take? I am not a Checkpoint firewall guru so I do not know. All I know is that if I was a hacker, I would love to hammer away on an IP address that represented a firewall.
>
> Your firewall administrator is right. There's no way around providing a valid IP address. When you communicate with another computer over any network, including the Internet, you've got to include not only the IP address of that other computer, but also your own. After all, when the remote computer replies to you, it needs to know where to send those replies.
>
> Having said that, you generally have two choices about *what* IP address to give. If you have a very simplistic firewall, it will expose all internal addresses to the Internet. In other words, when your internal machine makes a connection outside the firewall, the servers will see your machine's real IP address. Since this gives them some amount of information about the layout of your internal network, this is generally considered poor form.
>
> What usually happens is that the firewall rewrites your IP address and substitutes its own. The remote servers see the connection apparently coming from the firewall machine, and they reply to that address. The firewall is smart enough to forward these replies to your machine, so your machine thinks it is communicating with the server directly, even though the firewall is actually acting as a middle man. This process, known as Network Address Translation (NAT), is quite common and usually desirable. It's better to advertise a single IP than all the IP addresses on your network, and since the IP address must be valid, the hardened firewall system is actually a really good choice.
>
> David
> --
> David J. Bianco <bianco () jlab org>
> Thomas Jefferson National Accelerator Facility
Current thread:
- Company Firewall's IP Address tony tony (Nov 13)
- RE: Company Firewall's IP Address Michael S Hines (Nov 13)
- Re: Company Firewall's IP Address Edward N Schofield (Nov 13)
- RE: Company Firewall's IP Address Vince Hillier (Nov 15)
- RE: Company Firewall's IP Address Vince Hillier (Nov 14)
- Re: Company Firewall's IP Address Eric Balsa (Nov 14)
- Re: Company Firewall's IP Address Mike Dresser (Nov 14)
- RE: Company Firewall's IP Address Bill Lavalette (Nov 14)
- Re: Company Firewall's IP Address David J. Bianco (Nov 14)
- Re: Company Firewall's IP Address Bill Hamel (Nov 16)
- Re: Company Firewall's IP Address Igor' Spivak (Nov 14)
- Re: Company Firewall's IP Address John Jasen (Nov 15)
- RE: Company Firewall's IP Address Rick Darsey (Nov 15)
- Re: Company Firewall's IP Address Steve Cooper (Nov 15)
- Re: Company Firewall's IP Address Bradley D. Moore (Nov 17)
- Re: Company Firewall's IP Address Chip McClure (Nov 15)
- RE: Company Firewall's IP Address John Tolmachoff (Nov 16)
- RE: Company Firewall's IP Address Daniel R. Miessler (Nov 16)
- <Possible follow-ups>
- RE: Company Firewall's IP Address Leonard.Ong (Nov 13)
- Re: Company Firewall's IP Address Meritt James (Nov 13)
(Thread continues...)