Network Question...

Thread: Network Question...

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    140

    Network Question...

    On my network we use all 172 (private) addresses. We have no webserver or public IPs whatsoever behind the firewall...
    What does this mean for securing this network? Isn't all the work then done on the firewall? Is that the most important? I guess I am not sure of the implications with this type of network?
    Romans 7:14-20
    14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    No, you still have plenty to worry about.

    Spyware, viruses, trojans, disgruntled employees, people walking in off the street, people plugging in rogue wireless access points, misconfigured modems that people can wardial, etc. The list goes on.

    The firewall is just a layer at the border. Many places have more than one layer at the border. The border firewall is just a start. (IDS/IPS/VPN/another firewall)....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Mar 2002
    Location
    Snohomish WA
    Posts
    315
    Your network using private addressing does little to make you secure....what you need to check is the visibility of your firewall's external IP address (the one assigned by your ISP) from outside of the network.
    What kinds of access to the net do your users require, does anybody require access to your network from the internet?
    What firewall/server are you using?
    Faqt


    If you want to make God laugh....make plans.

  4. #4
    I'm not sure if this is info you're looking for, but...

    Every box in your LAN will have both a private (LAN IP) and public (WAN IP) address. LAN IPs are how other computers and machines within the LAN identify your computer (in your case the 172.... addresses). Then, each of those computers also has a WAN IP for connecting to the Internet. If I were to successfully ping your computer from outside the LAN, I'd get the WAN IP for it. If I pinged from inside, then the LAN IP.

    Obviously then, your firewall's job is to protect access to those WAN IPs, and in regard to IP addresses specifically, that's what you're worried about. Can someone successfully ping you from the outside, thus getting your WAN IP?

    (Am I on the right track senior members?)

  5. #5
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Nope, every box only needs an internal IP address, unless it is connected directly to the internet.

    If a computer on a network is directly connected to the internet then that will require an external IP, unless it goes through a router/modem, in which case the router/modem will have the external IP!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  6. #6
    Ok, I was assuming all his are Internet connected. So then I can't ping a specific box within the LAN from the outside world then, right? Because the ping would bring back the WAN IP of the router? I'm still having trouble with that detail myself, I think that's why I can't get my dang VNC to work.

  7. #7
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    "If I were to successfully ping your computer from outside the LAN, I'd get the WAN IP for it. If I pinged from inside, then the LAN IP."
    You wouldn't necessarily be able to ping a box on a LAN unless it is directly connected to the internet.

    However you don't "get" IPs when you ping something, as you need the IP in the first place to ping it!

    The IP that you would have would either be the router/modem or the box connected to the internet so you would just ping that, not any internal boxes.

  8. #8
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    I'm not a senior member, but you aren't entirely on track, because if he is using a NAT scheme, the router/firewall knows where to forward the communication based on port... ex: 3 computers behind a firewall, NAT enabled w/ DHCP. Computer 1 talking to google, computer 2 talking to yahoo, and computer 3 talking to AO, all using port 80, all appearing to be the same IP address, but behind the router the computers have been moved to ephemeral ports (typically greater than 1024) and the router knows which computer is using which ephemeral port.
    find / -name "*your_base*" -exec chown us:us {} \; Trust No One. Use Hardened Gentoo
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
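
    The port-based translation described in post #8, as an added example that is not part of the original thread: a small model of a NAT table for three LAN hosts that all talk to port 80 and share one WAN address. The `Napt` class, the addresses (constructed from private and documentation ranges), the starting port 49152 and the strict "replies only from the contacted peer" filtering are assumptions; real routers differ in how strictly they filter, and explicit port forwards are not modelled.

```python
# Added illustration: a minimal port-address-translation (NAPT) table.
# All addresses below are constructed samples, not values from the thread.
import itertools


class Napt:
    def __init__(self, wan_ip, first_port=49152):
        self.wan_ip = wan_ip
        self._ports = itertools.count(first_port)  # next free WAN-side port
        self.out = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.back = {}  # wan_port -> (lan_ip, lan_port, dst_ip, dst_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, creating a mapping if new."""
        key = (lan_ip, lan_port, dst_ip, dst_port)
        if key not in self.out:
            wan_port = next(self._ports)
            self.out[key] = wan_port
            self.back[wan_port] = key
        # What the outside world sees: the router's address and port only.
        return (self.wan_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, wan_port):
        """Return the LAN (ip, port) to forward to, or None to drop."""
        entry = self.back.get(wan_port)
        if entry is None:
            return None  # nothing inside ever opened this port
        lan_ip, lan_port, dst_ip, dst_port = entry
        if (src_ip, src_port) != (dst_ip, dst_port):
            return None  # sender is not the peer this mapping was opened to
        return (lan_ip, lan_port)


def demo():
    nat = Napt("203.0.113.7")
    flows = [("172.16.0.11", 40001, "198.51.100.10", 80),
             ("172.16.0.12", 40001, "198.51.100.20", 80),
             ("172.16.0.13", 40001, "198.51.100.30", 80)]
    seen = [nat.outbound(*f) for f in flows]                   # as seen outside
    reply = nat.inbound("198.51.100.20", 80, seen[1][1])       # genuine reply
    probe = nat.inbound("192.0.2.99", 55555, seen[1][1])       # stranger, open port
    unmapped = nat.inbound("192.0.2.99", 55555, 3389)          # stranger, no mapping
    return seen, reply, probe, unmapped


if __name__ == "__main__":
    print(demo())
```

    The model covers only the address translation step; the other risks raised earlier in the thread (malware, rogue access points, modems, insiders) do not pass through this table at all.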

  9. #9
    "If you did manage to ping it though you wouldn't get the IP for it, as you would need the IP in the first place to ping it!"
    Um...right...I was just testing you. You caught that, good for you! Ok, I was trying to get at the point that you'd ping a WAN IP from outside, LAN IP from inside, more or less. Unfortunately, stupid.exe kicked in!

    "The IP that you would have would either be the router/modem or the box connected to the internet so you would just ping that, not any internal boxes."
    Ok, so for example, the business network here is 20+ computers behind one router. So, all I'm going to get for any of those boxes from the outside world is the router IP address, which is one address for the router and all 20+ computers connecting behind it rather than 20+ WAN IPs, right?

  10. #10
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    "I was assuming all his are Internet connected. So then I can't ping a specific box within the LAN from the outside world then, right? Because the ping would bring back the WAN IP of the router?"
    Most networks that enable all the computers on it to access the internet will go through a router/modem; they won't connect directly to the internet, as this would mean they would all need accounts with the ISP that is being used. It would also mean a lot of work for the sys admin, as he would have to secure all these computers from outside interference!

    It just makes too many entry points to a network.

    You seem to think that pinging something will get you the IP of it. You need the IP in the first place to ping something, otherwise how would you address your ping?
