Security Basics mailing list archives

RE: Basic NAT / Firewall Question


From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 18 Aug 2006 14:21:18 -0700

  This is almost certainly up to the firewall admin, how much
the firewall filters and how much it forwards to the NATted 
destination.

  A very basic question is:  Is the firewall doing port-forwarding
(traffic to port ZZ gets translated and forwarded to the server), 
or static NATting (non-filtered(!) traffic for public address x.x.x.x 
gets translated and forwarded to private address y.y.y.y)?

  Also open is what the firewall does with a filtered port --
does it silently drop the traffic, or respond via ICMP and, 
if the latter, does it provide the *same* response that a
blocked port at the host does?  (Probably not, since the
source address will be of the firewall rather than the NATted
destination....)  Some firewall models offer the admin more 
choice in this regard than others.

David Gillett


-----Original Message-----
From: thatch [mailto:leethatcher () gmail com] 
Sent: Friday, August 18, 2006 10:29 AM
To: security-basics () securityfocus com
Subject: Basic NAT / Firewall Question


Forgive me if this question seems pretty basic, but could 
anyone explain this to me?

I'm performing a practice assessment and I have located an IP 
of a web-based mail server (OWA).  This server is sitting 
behind a hardware firewall (say PIX or Checkpoint) that is 
NATing the IP address to an internal non-routable address.  
Now, if I use a tool such as Nmap to scan that external IP, 
are my scan results influenced by the firewall?  Do firewalls, 
when NATing, take all traffic from the external IP and pass it 
to the internal network and expect the server to have the 
remaining services closed down, or do they only take traffic 
destined for a port and drop everything else?  If it's the 
latter, when I scan am I only scanning the 1 port that is 
allowing traffic to be forwarded to it?

Is there a way of determining if the firewall is blocking the 
traffic to the other ports or if the Server has been locked 
down and is blocking them?

Any help would be appreciated.

Regards

Thatch




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
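
Added example (not part of the original messages): a Python illustration of the distinction drawn in David Gillett's reply, classifying what came back for a probe by whether the traffic was silently dropped or answered via ICMP, and whether that ICMP came from the probed address or from another device such as the firewall. The addresses, ports and packet bytes are constructed samples, and all function names are hypothetical.

```python
import socket
import struct

ADMIN_PROHIBITED = {9, 10, 13}  # ICMP type 3 codes meaning "blocked by policy"

def classify_reply(probed_ip, packet):
    """packet: raw IPv4 reply to one TCP SYN sent to probed_ip, or None if no reply."""
    if packet is None:
        return "filtered (silent drop)"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, src = packet[9], socket.inet_ntoa(packet[12:16])
    body = packet[ihl:]
    if proto == 6:                        # TCP: flag bits live in header byte 13
        if body[13] & 0x12 == 0x12:
            return "open (SYN/ACK)"
        if body[13] & 0x04:               # a firewall set to reset can also send this
            return "closed (RST)"
    if proto == 1 and body[0] == 3:       # ICMP destination unreachable
        sender = "probed address" if src == probed_ip else "other device " + src
        kind = "admin-prohibited" if body[1] in ADMIN_PROHIBITED else "code %d" % body[1]
        return "filtered (ICMP %s from %s)" % (kind, sender)
    return "unclassified"

# Builders for the constructed samples below (checksums left at 0, not validated).
def ipv4(src, dst, proto, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + body

def tcp(sport, flags):
    return struct.pack("!HHIIBBHHH", sport, 40000, 0, 0, 0x50, flags, 0, 0, 0)

def icmp_unreachable(code):               # quoted original datagram omitted
    return struct.pack("!BBHI", 3, code, 0, 0)

# Constructed documentation addresses: scanner, NATted public IP, firewall interface.
SCANNER, PUBLIC, FIREWALL = "198.51.100.7", "203.0.113.10", "203.0.113.1"
SAMPLES = {
    443: ipv4(PUBLIC, SCANNER, 6, tcp(443, 0x12)),
    25: ipv4(PUBLIC, SCANNER, 6, tcp(25, 0x14)),
    135: ipv4(FIREWALL, SCANNER, 1, icmp_unreachable(13)),
    3389: None,
}

def classify_all():
    return {port: classify_reply(PUBLIC, pkt) for port, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for port, verdict in classify_all().items():
        print(port, verdict)
```

A firewall admin can run the same comparison against their own rule set to see which ports reveal the filtering device through the ICMP source address.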


