Security Basics mailing list archives

Re: Company Firewall's IP Address


From: Bill Hamel <billh () bugs hamel net>
Date: Mon, 18 Nov 2002 17:42:12 -0500 (EST)

Hi,

I was responding to the "Such is not the case.  I've done otherwise."
comment below.

-b


On Mon, 18 Nov 2002, Eric Schroeder wrote:

You just have to configure ARP properly.

For example----

Internet Router     Firewall                    End User
10.1.1.254          10.1.1.58  192.168.1.1      192.168.1.51

You could use NAT on the firewall to hide everyone behind the IP address
10.1.1.1. Then you would have to configure the firewall to respond to arp
requests for 10.1.1.1, or you would have to configure the internet router
with a static arp entry for 10.1.1.1.  But no one ever needs to know the
actual IP address of the firewall.

FWIW,

Eric Schroeder
Satel Corporation





Bill Hamel <billh () bugs hamel net>
11/15/2002 08:42 PM


        To:     Meritt James <meritt_james () bah com>
        cc:     Leonard.Ong () nokia com, <shuffle3 () insightbb com>, <tonytorri () yahoo com>,
<security-basics () securityfocus com>, <cisaca-l () purdue edu>
        Subject:        Re: Company Firewall's IP Address


Then routing wise, how do the packets find their way back to the firewall
if they don't know the source IP ? ?


On Fri, 15 Nov 2002, Meritt James wrote:

Such is not the case.  I've done otherwise.

Bill Hamel wrote:

Unless I am missing something in the question, no matter what you do,
what/whoever you connect to through a firewall will always know the IP
address of the trusted interface of the firewall.

-bh

On Wed, 13 Nov 2002, Meritt James wrote:

"an" IP Address - not necessarily the originating individual.  There
are a LOT of ways around that.

Jim

Leonard.Ong () nokia com wrote:

There is nothing new about finding your IP Address and displaying it
on the web page.

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
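
An added example, not written by any poster in this thread: a small Python model of the return path Eric Schroeder describes, showing that the router hands replies for 10.1.1.1 to the firewall only when the firewall answers ARP for that address or the router holds a static ARP entry. The MAC address, port numbers and all class and function names are assumptions made for the illustration.

```python
import ipaddress

# Addresses come from the example in the thread; the MAC and ports are constructed.
OUTSIDE_NET = ipaddress.ip_network("10.1.1.0/24")
FW_REAL_IP, NAT_IP, END_USER = "10.1.1.58", "10.1.1.1", "192.168.1.51"
FW_MAC = "02:00:00:00:00:58"  # constructed, locally administered

class Firewall:
    def __init__(self, proxy_arp_for=()):
        self.proxy_arp_for = set(proxy_arp_for)
        self.nat_table = {}  # (nat_ip, nat_port) -> (inside_ip, inside_port)

    def arp_reply(self, target_ip):
        """Answer ARP for the real interface address and any proxied address."""
        if target_ip == FW_REAL_IP or target_ip in self.proxy_arp_for:
            return FW_MAC
        return None

    def outbound(self, src_ip, src_port, nat_port):
        """Hide-NAT: rewrite the inside source to NAT_IP and remember the mapping."""
        self.nat_table[(NAT_IP, nat_port)] = (src_ip, src_port)
        return NAT_IP, nat_port  # what the remote peer sees as the source

    def inbound(self, dst_ip, dst_port):
        return self.nat_table.get((dst_ip, dst_port))  # reverse translation

class Router:
    def __init__(self, static_arp=None):
        self.static_arp = dict(static_arp or {})

    def resolve(self, dst_ip, firewall):
        """Next-hop MAC for an on-link destination: static entry first, then ARP."""
        if ipaddress.ip_address(dst_ip) not in OUTSIDE_NET:
            return None
        return self.static_arp.get(dst_ip) or firewall.arp_reply(dst_ip)

def return_path(firewall, router):
    """Send one flow out, then deliver the reply; returns (seen_src, delivered_to)."""
    seen_src = firewall.outbound(END_USER, 40000, nat_port=50000)
    if router.resolve(seen_src[0], firewall) != FW_MAC:
        return seen_src, None  # router cannot resolve 10.1.1.1: reply is dropped
    return seen_src, firewall.inbound(*seen_src)

if __name__ == "__main__":
    for name, fw, rt in [("no ARP config", Firewall(), Router()),
                         ("proxy ARP on firewall", Firewall([NAT_IP]), Router()),
                         ("static ARP on router", Firewall(), Router({NAT_IP: FW_MAC}))]:
        print(name, "->", return_path(fw, rt))
```

In all three cases the remote side sees 10.1.1.1 as the source and never 10.1.1.58; only the two ARP configurations let the reply reach 192.168.1.51.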

