Options
General Networking Question.
I feel as though I have a decent grasp on how IP addressing works, but something must have slipped through my hands when I was going through the Network+ material.
I'm curious as to how IP addresses resolve to clients through a network as it pertains to network security. Does each client (and/or device) in a corporate network have a public IP address? If I were a penetration tester and wanted to access a particular client within a network, how would I isolate it?
Any further explanation on the subject would be appreciated.
Edit: I accidentally a word.
I'm curious as to how IP addresses resolve to clients through a network as it pertains to network security. Does each client (and/or device) in a corporate network have a public IP address? If I were a penetration tester and wanted to access a particular client within a network, how would I isolate it?
Any further explanation on the subject would be appreciated.
Edit: I accidentally a word.
Comments
-
Options
break
Member Posts: 20 ■□□□□□□□□□
That depends.
Network addresses on most corporate networks are done through PAT (Port Address Translation; a specific subset of Network Address Translation). A security device or router will strip the packets and relabel them before sending them to the world at large. On the corporate network, the IP address would be something in the private IP ranges (i.e. 10.x.x.x /8 ) where the publicly forwarded "source" would be something public like 187.x.x.x:PORT where the port is the unique identifier the security device or router uses to forward it back to the device making the request. This helps protect a network from being directly accessed or targetted as well as preserving the number of public IP addresses. -
Options
GT-Rob
Member Posts: 1,090
Rarely does an internal client have an inbound static NAT translation (1.1.1.1 = 10.10.10.1). Outbound like mentioned will grab a public IP and port (PAT) which is dynamic and only exists for that session, so it will look more like 1.1.1.1:2222 = 10.10.10.1 and 1.1.1.1:2223 = 10.10.10.2, but only for that session. Once this dynamic session is open its possible for something to reach it. Say you managed to install a trojan horse on it that caused the computer to reach out to your server and allow you access once the dynamic entry is setup. This is where an IPS would help detect that kind of traffic. Otherwise the port is random and temporary, and firewalls generally only allow traffic that was asked for.
Some services will likely have static entries though that are always open. For example a company's web server could have port 80 and 443 on IP 1.1.1.1 translate to server 10.10.5.5. This is why servers like this are not "internal" and usually placed in a DMZ where they have limited access to the inside in case they are compromised.