Security Basics mailing list archives
RE: Company Firewall's IP Address
From: Louis Erickson <LErickson () ariba com>
Date: Thu, 14 Nov 2002 14:02:59 -0800
From: Vince Hillier [mailto:vdh () plutonium homeunix com]

|From: tony tony [mailto:tonytorri () yahoo com]
|Sent: Tuesday, November 12, 2002 2:09 PM
|To: security-basics () securityfocus com; Cisaca
|Subject: Company Firewall's IP Address
|
|I was doing security research on the internet at work yesterday....when all of
|a sudden I got a pop up advertisement that stated that I was broadcasting my IP
|address to the entire internet. It then showed a screen with my IP address
|which was the external IP interface of one of our company's firewalls.

So I assume you route through the firewall machine.

tony: You are broadcasting an IP to the internet; that of your firewall. Many things you do on the Internet - HTTP among them - require a bidirectional link, which means that both sides need to know the IP address of the other. Anything using TCP and actually working probably does. Your machine's internal IP wasn't broadcast; your office's firewall or NAT gateway or some other machine's was. This is normal. Hopefully, that machine is monitored, and well maintained, so hacking it won't be easy or fruitful. If you're not aware of how IP connections like your web server work, you're right to be trying to learn more, and you might look for a basic book on networking. I don't have any really good recommendations, but others here certainly will.
|It just bothers me that someone would be able to determine the IP address of
|our firewall that easily. It seems to me that our firewall should operate in a
|more stealth mode.

Why does it bother you? You can connect to their server, but they cannot identify you? Hmm... that would probably bother them, especially if you were up to no good.

That's true. It's also true that that's how common protocols on the Internet work. There needs to be an IP address of some sort; your firewall gets that honor. Don't worry about that so much.
|Our firewall administrator said it is not technically
|possible to do this.

Is he/she for real? Of course it is technically possible to identify machine IPs if they are connecting to your webserver. I really hope he/she means it is not possible to determine the internal IP that the request originated from; if not, then you need a new firewall administrator.

Vince, I read that to mean, "Our firewall administrator said it is not technically possible to hide the IP address of our firewall" instead of "it is not possible to identify machines". That's a very different statement, to which your reply isn't correct.
|What is your take? I am not a checkpoint firewall guru, so I do not know.
|All I know is that if I was a hacker, I would love to hammer
|away on an ip address that represented a firewall.

That's probably the stupidest thing you could do, unless you want to get caught, of course. Firewalls are generally monitored, unless your firewall administrator thinks it's impossible for someone to determine the IP of the machine, then you're, well, hopeless.

Knowing someone's firewall's address is of only limited use. Don't worry about it.
|Click on the following to learn more about this pop up site.
|
|http://www.bonzi.com/internetalert/ia99m.asp

In closing, that site simply returned the $REMOTE_ADDR (address that requested the document on their site). There is nothing fishy about this; every site you visit can tell you that IP so long as you route through it. Seriously, if your fw techie thinks it's impossible to get the IP of that machine, your company should immediately reconsider his/her qualifications, and perhaps put him/her in, oh say... a data entry position.

But, as seems likely from here, they did answer the question asked, but perhaps simplified or you simplified, and Vince perhaps misunderstood. Normally, an IP address goes out over the 'Net, and normally that address is correct. Nothing to worry about. It is possible to build a firewall with no IP address at all, but I don't think that firewall can do all of the things a typical one can and so may not be appropriate for your environment. (Google for "bridging firewall" if you're curious.) Even with one of these, there will be an IP address sent to the other side; it won't be the firewall's IP address, but that of something behind it, which is actually scarier than the firewall's IP going out.

Lou Erickson
IT Tools Developer
Ariba, Inc.
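
The point made in this message about $REMOTE_ADDR, as an added example that is not part of the original post: the address a web server reports is simply the peer address of the TCP connection it accepted, so a client behind a gateway shows up as the gateway. The three loopback addresses are constructed stand-ins, and a small connection relay stands in for the firewall/NAT gateway (a real NAT rewrites packets rather than relaying connections, but the server sees the same thing). Assumes a Linux host, where all of 127.0.0.0/8 is local.

```python
import socket
import threading

# Constructed loopback addresses standing in for the three parties.
CLIENT_IP = "127.0.0.2"    # internal workstation
GATEWAY_IP = "127.0.0.3"   # firewall / NAT gateway (modelled as a relay)
SERVER_IP = "127.0.0.1"    # remote web server


def what_each_side_sees():
    """Send one request client -> gateway -> server; return who saw which address."""
    seen = {}
    with socket.create_server((SERVER_IP, 0)) as srv, \
            socket.create_server((GATEWAY_IP, 0)) as gw:

        def web_server():
            conn, peer = srv.accept()
            with conn:
                conn.recv(1024)                  # read the request
                seen["server_saw"] = peer[0]     # this is what REMOTE_ADDR holds
                conn.sendall(peer[0].encode())   # echo it back, like the pop-up page

        def gateway():
            inside, peer = gw.accept()
            seen["gateway_saw"] = peer[0]        # only the gateway knows the internal IP
            with inside, socket.create_connection(
                    srv.getsockname(), timeout=5,
                    source_address=(GATEWAY_IP, 0)) as outside:
                outside.sendall(inside.recv(1024))   # forward the request
                inside.sendall(outside.recv(1024))   # forward the reply

        workers = [threading.Thread(target=f, daemon=True)
                   for f in (web_server, gateway)]
        for w in workers:
            w.start()
        with socket.create_connection(gw.getsockname(), timeout=5,
                                      source_address=(CLIENT_IP, 0)) as client:
            client.sendall(b"GET / HTTP/1.0\r\n\r\n")
            seen["reply"] = client.recv(1024).decode()
        for w in workers:
            w.join(timeout=5)
    return seen


if __name__ == "__main__":
    print(what_each_side_sees())
```

The server's view stops at the gateway address; the workstation's own address is visible only on the inside leg, which is the distinction drawn above between the firewall's IP and the internal IP.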