Firewall Wizards mailing list archives
Re: internal numbers visible when browsing
From: "S. Jonah Pressman" <jonah () istar ca>
Date: Tue, 26 Sep 2000 11:50:35 -0400
JF: The last thing you want an intruder to do is to pretend that he/she is coming from a trusted inside address when, in fact, the intruder is somewhere else altogether (i.e. spoof). Your best line of defence in this case without adding hardware is to add a simple rule to the border router that will deny incoming traffic at the outer NIC pretending to come from a source address 172.16.n.0/24, notwithstanding that RFC 1918 describes 172.16.0.0/12 as a private address range and it is, by most vendor defaults, not routed....

Cisco Example (note the Cisco Wildcard for /24):

    # config t
    (config)# ip access-list extended 101
    (config-ext-nacl)# deny ip 172.16.1.0 0.0.0.255 any log
    (config-ext-nacl)# deny ip 172.16.2.0 0.0.0.255 any log
    (config-ext-nacl)# deny ip 172.16.3.0 0.0.0.255 any log
    (config-ext-nacl)# <...and so on with your rules>

Don't forget to apply the access-list to incoming traffic on the outside interface.

Cisco Example (assuming serial interface):

    # config t
    (config)# interface serial0
    (config-if)# ip access-group 101 in

Best Regards,
Jonah

jf () gmx net wrote:
Hi everybody,

This question may sound silly but.......

Consider the following:

    internal net:       router:          Internet
    172.16.1.0/24       172.16.1.252     XXX.XXX.XXX.XXX
    172.16.2.0/24
    172.16.3.0/24

All the subnets 172.16.yyy.yyy connect via the router to XXX.XXX.XXX.XXX.

When trying to find out which information is given outside the company's net by Browsers (MSIE, Netscape), I found out that except for 172.16.1.0/24 the internal IP (172.16.2.yyy ..) was transmitted. Does that mean a risk for the company? Remember: there is no Firewall, just a screening router.....

thanks,
jf

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
--
S. Jonah Pressman
President, NCS Data Inc.
Thornhill, Ontario, Canada
jpressman () bigfoot com
------------ 'ome is where you hang your @ -----------------
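An added example, not code from either post, that models Jonah's ACL in Python: it converts the Cisco wildcard masks, evaluates packets arriving on the outside interface first-match, and applies the implicit deny that ends every IOS ACL. The trailing "permit ip any any" and the sample addresses are my assumptions, not from the thread.

```python
"""Anti-spoofing ingress check modelled on the ACL in Jonah's reply (added example).
Models Cisco wildcard masks (0.0.0.255 = /24) and the implicit deny that ends every IOS ACL.
"""
import ipaddress

# Rules as posted, plus an assumed "permit ip any any": without it the
# implicit deny would drop every legitimate inbound packet as well.
ACL_101 = [
    "deny ip 172.16.1.0 0.0.0.255 any log",
    "deny ip 172.16.2.0 0.0.0.255 any log",
    "deny ip 172.16.3.0 0.0.0.255 any log",
    "permit ip any any",  # assumption, not in the original post
]

def wildcard_to_network(addr, wildcard):
    """Cisco wildcard mask -> network: 0.0.0.255 is the bitwise inverse of 255.255.255.0."""
    mask = str(ipaddress.IPv4Address(~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF))
    return ipaddress.IPv4Network((addr, mask), strict=False)

def _take_addr(tokens):
    """Consume one ACE address spec: 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W'."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse 'deny|permit ip SRC DST [log]' into a dict (protocol 'ip' only)."""
    action, _proto, *rest = line.split()
    src, rest = _take_addr(rest)
    dst, rest = _take_addr(rest)
    return {"action": action, "src": src, "dst": dst, "log": "log" in rest}

def evaluate(acl, src_ip, dst_ip):
    """First-match lookup; returns (action, logged). No match -> IOS implicit deny."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for ace in map(parse_ace, acl):
        if s in ace["src"] and d in ace["dst"]:
            return ace["action"], ace["log"]
    return "deny", False  # implicit deny at the end of every IOS ACL

if __name__ == "__main__":
    # Constructed sample packets arriving on the outside interface (203.0.113.7 = our side).
    for src in ("172.16.2.5", "198.51.100.10"):
        print(src, "->", evaluate(ACL_101, src, "203.0.113.7"))
```

Note that ACL_101[:3], the three deny lines exactly as posted, denies every inbound packet because of the implicit deny; the evaluator shows this directly.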