Re: A good firewall working fine in default?
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: A good firewall working fine in default?

From: Poster 60 <ekron@wapda.com>
Date: Mon Feb 13 2006 - 08:11:34 CET




Duane Arnold wrote:



> A NAT router works fine in its default state out of the box. It takes 


> little or no configuration on your part and is easy to learn.


> 


> http://www.homenethelp.com/web/explain/about-NAT.asp


> 


> Duane :)



I've tried testing what you have said here and in previous threads. I 


have turned off Zone Alarm


and the only defense (excluding AV program) that is between me and the 


internet is my Linksys router - BEFSR41 - 4 port, stating on the box 


that it has NAT technology.



I went to grc.com and their tests say all ports are secure.



Next I went to testmyfirewall.com and to my surprise I get this message:



                     INTERNAL IP EXPOSED


                     xxx.xxx.x.xxx


(I put x's for the numbers so as not to give out my settings)



The message below came from the spyware testpage. I couldn't get it a 


second time so I'm wondering what's going on. I set my browser (IE) to 


default setting again so maybe that was why I got it only once.



Internal IP address



NATTED IP


Your external IP address (xx.xx.xx.xxx) is always exposed to the 


internet, if it wasn't, you wouldn't be able to visit sites.  On the 


other hand, your internal IP address (xxx.xxx.x.xxx) should be protected 


and not be obtainable by websites.



Internal IP


This does not necessarily mean your firewall is malfunctioning or 


improperly configured. The method we used will sneak past most 


firewalls. Why? Because we use Java to grab the information and then 


pass it on to the server (Notice how everything ran without prompting you?)



Private IP - Why you're Vulnerable



We used your internal IP for this demonstration because it's harmless 


(for the most part). Java passes this  information to the server were it 


can be collected. Many claim this is not possible and that only you can 


see this information, so to prove the point, we included the last 20 


internal IP addresses that this server has seen. To verify this 


information, simply tell a friend your Private IP and have them visit 


this page shortly after you do - they'll see your IP included in the list.



Private IP - What is it?


Private IP addresses range from:


10.0.0.0 - 10.255.255.255


172.16.0.0 - 172.31.255.255


192.168.0.0 - 192.168.255.255



IP Privacy


A hypothetical example of using your internal IP address to track your 


activities is an internet service provider. Some cable companies charge 


you for each computer connected to your cable modem. By tracking your 


internal IP address, the cable company could see that you're running 


multiple computers on one router and bill you accordingly.



More to Security than a Firewall!


The whole point of this demonstration is to make you aware that there is 


more to security than just a firewall. A malicious website owner could 


use a similar method to grab a lot more than your internal IP address, 


and you wouldn't even know it!



Duane, check it out and see what you get.


Received on Mon May  1 00:50:33 2006