Granted, on the firewall log, you can see different source ports coming from the same IP addresses. Hopefully, your proxy does have a detailed enough log that can tell you which original IP/source port got forwarded (I guess I can not use the word TRANSLATED) by the proxy.
The question is, do you want to spend all your time correlating two different logs? (have fun)
Personally, I would prefer using NAT, or firewalls with built in proxy servers.
Jason
[EMAIL PROTECTED] wrote:
Ram,
There are four distinguishing characteristics for each connection using TCP. There is a source IP address, a destination IP address, a source port, and a destination port. So for example with the following telnet connections from the same client to the same server the unique characteristic is the source port.
10.1.1.1.5000 -> 10.1.1.2.23
10.1.1.1.5009 -> 10.1.1.2.23
10.1.1.1.5047 -> 10.1.1.2.23
10.1.1.1.5052 -> 10.1.1.2.23
The correct packets get to the correct telnet session because each socket is unique.
Regards,
Jeffery Gieser
Jason Yuan
Security Consultant
Niles Associates
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
