RE: [FW1] Hide NAT question

Sat, 30 Dec 2000 18:30:58 -0800 



Good point Andrew.... try to use another IP address if possible (and just
have the FW arp for that IP via $FWDIR/state/local.arp (on NT) or  via arp
cmd (on SUN)...

If you use your fw's external IP, you will have some packets/connections
initiated back to the fw, cluttering your logs, and depending on the number
of these attemps, may make it harder to distinguish between valid requests
and actual attacks/survailance techniques...

  :)


-----Original Message-----
From: Andrew Bagrin [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 29, 2000 10:12 AM
To: Rodney Lacroix; [EMAIL PROTECTED]
Subject: Re: [FW1] Hide NAT question



You can use any IP address. I wouldn't use the firewalls external interface.
If no one knows the IP address of your firewall then you've got a better
chance of it not being attacked.
Andrew Bagrin
Secure-1
865-803-2748
www.secure-1.com
----- Original Message -----
From: Rodney Lacroix <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 29, 2000 7:34 AM
Subject: [FW1] Hide NAT question


>
> When hiding an internal network, is there a standard for the IP address
you should hide the network behind?  I assume that you hide it behind the
firewall's external IP address.  However, does that lead to unwanted traffic
direct to the firewall from the Internet?
>
> Thanks in advance.
>
> Rodney Lacroix
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to