On Tue, 1 Dec 2009, Douglas Royds wrote:
> The MAC address of the router must be visible on the upstream link, or the
> router is useless. Isn't that the only information that is being leaked?
> The router is only trying to prevent pinging of boxes _behind_ the firewall.
> As a side effect, you can't ping the router.
Not much info of value is being leaked except...

* Existence. i.e. If you're thinking of a firewall as being invisible if it
  isn't jabbering, you're mistaken.

* Nature. i.e. You can infer the manufacturer from the MAC address. Looking at
  the ARP stream going by me with wireshark at the moment I can tell there are
  vmware virtual environments, cisco routers, toshiba, sun, intel,...

As I said, it's subtle. Nothing great.. Just enough to confuse the hell out of
me for a while. A sort of minor WTF moment. How could ARP be getting through but
not ping? Well, now I know.

John Carter                     Phone : (64)(3) 358 6639
Tait Electronics                Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch        Email : [email protected]
New Zealand
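To make the two leaks above concrete, here is an added example (not part of this thread) that builds the same inventory John describes from wireshark, but from tcpdump -e style text: every host that speaks ARP is recorded as existing, and its OUI is mapped to a vendor. The sample capture lines and the four-entry OUI table are constructed for the example; a real tool would load the full IEEE registry.

```python
import re
from collections import defaultdict

# Assumed, illustrative subset of the IEEE OUI registry (first three octets, lower-case).
OUI_VENDORS = {
    "00:50:56": "VMware",
    "00:0c:29": "VMware",
    "00:00:0c": "Cisco",
    "08:00:20": "Sun",
}

# Constructed lines in the shape tcpdump -e prints (timestamp, src > dst, ethertype, payload).
SAMPLE_CAPTURE = [
    "10:00:00.000001 00:0c:29:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.20, length 46",
    "10:00:00.000120 00:00:0c:11:22:33 > 00:0c:29:aa:bb:cc, ethertype ARP (0x0806), length 42: Reply 10.0.0.1 is-at 00:00:0c:11:22:33, length 28",
    "10:00:01.000002 08:00:20:de:ad:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.30, length 46",
    "10:00:02.000000 00:0c:29:aa:bb:cc > 00:00:0c:11:22:33, ethertype IPv4 (0x0800), length 98: 10.0.0.20 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64",
]

ETH_SRC = re.compile(r"^\S+\s+([0-9a-f:]{17}) > ")
ARP_REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})")
ARP_REQUEST = re.compile(r"Request who-has \d+\.\d+\.\d+\.\d+ tell (\d+\.\d+\.\d+\.\d+)")

def vendor_of(mac):
    """Map a MAC to a vendor by its OUI; unknown prefixes stay 'unknown' rather than guessed."""
    return OUI_VENDORS.get(mac.lower()[:8], "unknown")

def arp_inventory(lines):
    """Return {mac: {"vendor": ..., "ips": set()}} for every host seen talking ARP.

    Only ARP frames count: the ICMP line in the sample is exactly the traffic a
    firewall drops, while the ARP lines are what still reveals the hosts.
    """
    seen = defaultdict(lambda: {"vendor": "unknown", "ips": set()})
    for line in lines:
        src = ETH_SRC.match(line)
        if not src or "ethertype ARP" not in line:
            continue
        mac = src.group(1).lower()
        seen[mac]["vendor"] = vendor_of(mac)          # existence + nature of the sender
        reply = ARP_REPLY.search(line)
        request = ARP_REQUEST.search(line)
        if reply:                                     # "is-at" binds the answering host's IP
            seen[reply.group(2).lower()]["ips"].add(reply.group(1))
        elif request:                                 # "tell <ip>" is the requester's own address
            seen[mac]["ips"].add(request.group(1))
    return dict(seen)

if __name__ == "__main__":
    for mac, info in arp_inventory(SAMPLE_CAPTURE).items():
        print(mac, info["vendor"], sorted(info["ips"]))
```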
