"Mikkel L. Ellertson" wrote:
> On Fri, 8 Sep 2000, UK Jaiswal wrote:
>
> > Hi,
> >
> > I have finally done it with just one NIC. eth0 has the private IP and
> > eth0:0 has the public IP. But is this a security lapse and can somebody
> > exploit it?
> >
> > Thank you.
> > Uk
> >
> If I remember the start of this thread correctly, you are connected to a
> firewall before you hit your ISP. As long as your firewall, or routers
> upstream block the private IPs both ways, about the only security risk is
> from other machines in your school going through the Linux box. If I
> remember right, you are not using the Linux machines as firewall anyway.
>
Seems like that is correct. If someone has a box on the same side of the
router and thought to do it, couldn't they get straight to the Windows boxes
using private IP addresses? If it is a switch that the hub is plugged into,
would the switch even know they are there? My guess is yes, since Windows
stuff is always broadcasting its presence so other Windows machines can find
it. Could a managed switch be set up to only allow packets to and from the
"real" IPs on the Linux boxes to be forwarded, or is this sort of packet
filtering reserved for routers?
Sounds like he is in a university setting. Say if he were to be on a machine
in the next office, and tried to connect directly to one of the private
boxes, there would need to be a route set up that would send the packets
straight to the NIC rather than forwarded to the default gateway, right? My
guess is that other machines in the building are Windows boxes and I don't
know how to do that.
Just some thoughts. BTW that is some pretty good work to think that through
and get it to work IMHO, regardless of the security concerns.
Bret