Security Basics mailing list archives

Re: Company Firewall's IP Address


From: "Bradley D. Moore" <brad.moore () circlecity net>
Date: Fri, 15 Nov 2002 13:04:21 -0500

If the IP address shown was that of your firewall, then your firewall must be 
running NAT.  If this is the case, then your network admin is correct.  For 
the firewall to be more stealthy, it would need to be running in bridged (not 
routed) mode, which precludes the use of NAT and requires a) your machine have 
a globally unique IP address (in which case *that* would have been the 
address shown), or b) some other (routing) device run NAT.  

An important point Steve makes is that SOME IP address must always be known to 
any host you connect to, or communications cannot occur.  Which address(es) 
are divulged is entirely a question of network design.


-------------------------------------
If I were to walk on water, the press would say I'm only doing it
because I can't swim.
                -- Bob Stanfield
-------------------------------------
Bradley D. Moore, CNE, CCNE, CCNA
brad.moore () circlecity net
317-331-7168
-------------------------------------
PGP Public Key: http://www.circlecity.net/brad.moore.asc
PGP Fingerprint: 347D 05BB 56D4 0675 5D2C F3A6 42AA B1B0 F4BD 610B



---------- Original Message -----------
From: Steve Cooper <steve () nuclear-monkeys co uk>
To: tony tony <tonytorri () yahoo com>
Sent: 13 Nov 2002 21:40:17 +0000
Subject: Re: Company Firewall's IP Address

On Tue, 2002-11-12 at 22:09, tony tony wrote:
I was doing security research on the internet at work yesterday....when all of 
a sudden I got a pop up advertisement that stated that I was broadcasting my IP 
address to the entire internet.  It then showed a screen with my IP address 
which was the external IP interface of one of our company's firewalls. 

It just bothers me that someone would be able to determine the IP address of 
our firewall that easily.  It seems to me that our firewall should operate in a 
more stealth mode.  Our firewall administrator said it is not technically 
possible to do this.  What is your take?…I am not a checkpoint firewall guru…so 
I do not know.   All I know is that if I was a hacker, I would love to hammer 
away on an ip address that represented a firewall. 

Click on the following to learn more about this pop up site. 

http://www.bonzi.com/internetalert/ia99m.asp




Your admin's right, your IP has to be known in order for information to
be returned from the internet to you, and a company's external IPs are
easy to find with legal tools and websites like samspade.org or whois
queries with domain registrars.
It's the ports that are open on your IP address that are the real
danger; in order to hack your PC an attacker will need some ports open
so they can send information through those ports. If your firewall is
securely configured and you don't host any web or mail servers that
allow traffic inside then you should be ok.
------- End of Original Message -------
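As an added illustration of Bradley's NAT/bridged-mode point and Steve's point about open ports (example code written for this archive page, not code from either poster): a toy Python model of a firewall in routed mode with NAT beside one in bridged mode, showing which source address a remote host sees and that an unsolicited inbound packet with no translation state is simply dropped. All addresses are constructed documentation-range values.

```python
"""Toy model of a NAT'ing (routed) firewall versus a bridged firewall.
Added example; every address below is a constructed documentation value."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Firewall:
    def __init__(self, mode, external_ip=None):
        assert mode in ("bridged", "routed")
        self.mode = mode
        self.external_ip = external_ip   # only meaningful in routed mode
        self.table = {}                  # external port -> (inside ip, inside port)
        self.next_port = 40000           # next free translated source port

    def outbound(self, pkt):
        """Forward a packet from the inside; return what the internet sees."""
        if self.mode == "bridged":
            return pkt                   # no NAT: the host's own (public) IP is seen
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (pkt.src_ip, pkt.src_port)
        # Remote host only ever sees the firewall's external address
        return replace(pkt, src_ip=self.external_ip, src_port=ext_port)

    def inbound(self, pkt):
        """Packet arriving from the internet; return delivered packet or None."""
        if self.mode == "bridged":
            return pkt                   # stateful filtering omitted in this toy
        mapping = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.external_ip or mapping is None:
            return None                  # unsolicited: no state, nothing to reach
        inside_ip, inside_port = mapping
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


def address_seen_by_remote(mode, external_ip=None):
    """Source address a remote web server would log for an inside host."""
    fw = Firewall(mode, external_ip)
    pkt = Packet("192.0.2.10", 51234, "198.51.100.5", 80)
    return fw.outbound(pkt).src_ip
```

In routed mode the pop-up in the original post could only ever have shown the firewall's external address; in bridged mode it would have shown the workstation's own public address instead.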

