>I am confused then.  Why do you have to scan the other users at your ISP
>to find the machine behind your firewall?  Are you saying that the
>firewall's address changes?  Or is it just so misconfigured in such a
>fashion as to open up a dynamic address on the ISP's subnets and leave a
>gaping hole that you are searching for?

I'm guessing from his description that David's workplace has a
dial-on-demand NAT box to an ISP which hands out dynamic IP addresses. This
box provides many-to-one address translation for outbound requests from the
machines in the office to the Internet, either via ip-masquerading
(probably, if he's calling it a NAT box) or traditional proxying. For
inbound connections to the NAT box external interface, port 80 is routed to
a single machine in the internal network (David's office PC), similar to
ipportfw.

The trick is that when the NAT box or the connection stays up, David has a
pseudo-static IP address he can go to to reach his office PC when he is at
home connected to the Internet. However, if his NAT box at work has to be
power-cycled or if the ISP drops carrier, the subsequent re-connect will
give the NAT box a different IP address on the Internet interface, so he
will then have to hunt through all the class C addresses registered to his
office's ISP for the newly allocated IP address, hence the scan on port 80.

Given this configuration, it would be much easier to post or mail the new IP
address after the NAT box reconnects, which has already been suggested,
rather than have to scan the four Class C subnets registered to the office's
ISP.

--
Gene Lee
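The "mail the new address after reconnect" alternative suggested in the reply above, as an added example that is not part of the original thread: a pppd ip-up hook for the NAT box that records the freshly assigned external address and only sends a notice when it actually changes, so the office PC can be found without scanning the ISP's Class C subnets. The state file path, the recipient address and the use of the `mail` command are assumptions; the forwarded port 80 comes from the thread.

```shell
#!/bin/sh
# Added example, not code from the original post.  pppd runs /etc/ppp/ip-up as:
#   ip-up IFNAME TTY SPEED LOCAL_IP REMOTE_IP ...
# so $1 is the interface and $4 the new external address of the NAT box.
STATE_FILE="${STATE_FILE:-/var/run/nat-external-ip}"   # assumed path
RECIPIENT="${RECIPIENT:-admin@example.invalid}"        # placeholder recipient
FORWARDED_PORT="${FORWARDED_PORT:-80}"                 # port forwarded to the office PC

valid_ipv4() {  # four dotted decimal octets, each 0-255; rejects a half-up link's garbage
    case "$1" in
        *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
}

ip_changed() {  # $1 = address, $2 = state file; true when nothing recorded or it differs
    [ -r "$2" ] && [ "$(cat "$2")" = "$1" ] && return 1
    return 0
}

compose_notice() {  # $1 = interface, $2 = new address, $3 = forwarded port
    printf 'NAT box came up on %s at %s\nNew external address: %s\nOffice PC: http://%s:%s/\n' \
        "$1" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$2" "$2" "$3"
}

notify() {  # message on stdin; set MAILER=cat for a dry run instead of sending mail
    if [ -n "$MAILER" ]; then $MAILER
    else mail -s "NAT box external address changed" "$RECIPIENT"; fi
}

announce_if_changed() {  # $1 = interface, $2 = new address, $3 = state file
    valid_ipv4 "$2" || return 1          # never mail an unparseable address
    ip_changed "$2" "$3" || return 1     # same address as last time: stay quiet
    compose_notice "$1" "$2" "$FORWARDED_PORT" | notify
    printf '%s\n' "$2" > "$3"            # remember what we announced
}

# Only act when installed under the name pppd calls, so sourcing the file is harmless.
case "${0##*/}" in
    ip-up) announce_if_changed "$1" "$4" "$STATE_FILE" ;;
esac
```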
