Penetration Testing mailing list archives

[PEN-TEST] RES: [PEN-TEST] advertising private IP numbers?


From: Leandro José Malaquias de Oliveira <Leandro () HEPTA COM BR>
Date: Fri, 22 Dec 2000 15:28:27 -0300

I've been testing the svcacl.cnf vulnerability.
It seems that I'm actually downloading the file, but after downloading it,
I can't find it on my machine. Can anyone tell me if that's because I'm
executing it remotely, or what is actually happening?

Thank you

leandro

-----Original Message-----
From: Deus, Attonbitus [mailto:Thor () HAMMEROFGOD COM]
Sent: Friday, December 22, 2000 2:17 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] advertising private IP numbers?


Well, by definition, a Proxy/Firewall has to have ip forwarding turned
on, or else it would not achieve the desired effect of passing any
traffic.

Insofar as MS Proxy is concerned, this is not true.  IP Forwarding should be
specifically turned off, or anything on the external segment will be able to
route into your private network.  The forwarding functionality is provided
for by the proxy service itself.

I have seen forwarding turned on in cache-only configurations, but it is not
the correct setting when standard firewall/packet filtering configurations
are used.

---------------------------------
Attonbitus Deus
Thor () HammerofGod Com

