Re: Company Firewall's IP Address

["Eric Schroeder" <ericschroeder () satel com>]

Most people configure their firewalls to hide all of the addresses behind 
the firewall using the firewalls ip address.  This does pose certain 
security concerns as far as information gathering goes.  But there are 
other ways to determine firewall IP addresses.  But there are ways to 
overcome this to make life more difficult for hackers.

This is easily overcome on a Checkpoint firewall by using a different 
valid address to hide everyone behind.  Then you have to have either a 
route to the firewall for the valid address or configure the host 
operating system to arp for the new address, depending on your 
environment.

Also possible is masking different departments of a large organization 
behind different IP addresses at the firewall.  For example, if the 
external IP address of the firewall is x.x.x.1, then you could make the 
accounting department x.x.x.2, development department to x.x.x.3, etc. 
(Note - this will only work if you have these departments subnetted behind 
the firewall, ie. accounting is all using ip addresses in the 10.1.1.x 
network, development is all using ip addresses in the 10.1.2.x network, 
etc.)  This allows you to more easily determine where traffic from inside 
your network is coming from when questioned from an outside source.  (For 
example, someone reports that you have been compromised with the Code Red 
virus).

Good Luck,

Eric Schroeder
Satel Corporation





tony tony <tonytorri () yahoo com>
11/12/2002 03:09 PM

 
        To:     security-basics () securityfocus com, Cisaca <cisaca-l () purdue edu>
        cc: 
        Subject:        Company Firewall's IP Address


I was doing security research on the internet at work yesterday....when 
all of
a sudden I got a pop up advertisement that stated that I was broadcasting 
my IP
address to the entire internet.  It then showed a screen with my IP 
address
which was the the external IP interface of one of our companies firewalls. 


It just bothers me that someone would be able to determine the IP address 
of
our firewall that easily.  It seems to me that our firewall should operate 
in a
more stealth mode.  Our firewall administrator said it is not technically
possible to do this.  What is your take??I am not a checkpoint firewall 
guru?so
I do not know.   All I know is that if I was a hacker, I would love to 
hammer
away on an ip address that represented a firewall. 

Click on the following to learn more about this pop up site. 

http://www.bonzi.com/internetalert/ia99m.asp


__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2