Well put! Laura ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 06, 2002 3:21 PM Subject: Re: How to hide IP's in Trace
> On 7 Mar 2002, at 0:25, Amarnath Gutta wrote: > > > Hi All, > > > > I have Private IP's address in my network which I want to conceal > > in traceroutes. Say a customer traces to any IP on internet he is > > able to map my private network also which I want to prevent. So how > > can I hide the private ip's in the traceroutes. I use cisco > > routers. > > > > Any suggestions are welcome. > > > > Regards > > > > Amar > > It sounds like you don't want your firewall to allow ICMP replies. > > But even if your firewall allows ICMP replies from internal > machines, then any servers for which you have static NAT mappings > will respond -- and the responses, being NATted, will show the IPs > that the servers map to and not the internal IP addresses of the > actual machines. > Any internal clients relying on PAT will never see the ICMP > requests, which will be addressed to the firewall. > If you have a NAT pool, then machines currently mapped into the > pool may respond on their current mapped addresses -- but since those > addresses are subject to change, this mapping is of limited use to an > attacker. > > So although you may be happier blocking ICMP replies -- if your > firewall lets you choose that option -- I don't think the risk is as > bad as you fear. If you have a firewall that doesn't let you block > ICMP replies, I would not lose sleep over it. > > David Gillett > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
