
Re: [FW-1] FIREWALL scan IP



> The problem that the FW interface where the "Ghost Machine" is
> installed, has an IP address that is not in the same Subnet of the
> "Ghost computer".

This leaves you with one more option (which I don't know whether
is possible on IPSO): install a packet sniffer.
The sniffer must be able to go _below_ IP level, so that
you can catch any traffic, not just on your known network.

If the ghost machine, and the FW are NOT on the same
subnet, you will never be able to talk to it, nor detect it,
in any other way, since the TCP/IP-stack will be totally
oblivious to anything with the wrong netmask.

Which gives me a far fetched idea ....
Dunno if this will work.

Can you change the address of the remote interface that
the ghost machine is connected to?
Change the netmask on that interface to be maximally inclusive,
of course, without screwing up the routing for your connection
to the site. Then ping every address in that network (can be automated),
to see whether the address is on that network.

If not, change IP-address and netmask to check any other possible networks
it could belong to.

If you have any idea what network it might belong to, then you should
quickly be able to narrow your search space to something handleable.

Far fetched, I know ...

Cheers,
Anders :)
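
The "below IP level" sniffing idea from the message above, as an added example that is not part of the original post: a Python sketch that parses raw Ethernet frames and reports senders whose ARP or IPv4 source address lies outside the firewall interface's own network. The frames, MAC addresses and the 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed sample data, and capturing live frames on IPSO is assumed to happen elsewhere.

```python
import ipaddress
import struct

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800

def frame_source(frame: bytes):
    """Return (src_mac, src_ip) from an Ethernet II frame, or None if it carries no IPv4 sender."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype == ETH_ARP and len(payload) >= 28:
        # ARP for Ethernet/IPv4: sender protocol address sits at payload bytes 14..17
        if payload[:6] != struct.pack("!HHBB", 1, ETH_IPV4, 6, 4):
            return None
        ip = ipaddress.IPv4Address(payload[14:18])
    elif ethertype == ETH_IPV4 and len(payload) >= 20 and payload[0] >> 4 == 4:
        ip = ipaddress.IPv4Address(payload[12:16])  # IPv4 header source address
    else:
        return None
    return src_mac, ip

def off_subnet_hosts(frames, interface_net: str):
    """Map source MAC -> set of source IPs that fall outside the interface's network."""
    net = ipaddress.ip_network(interface_net, strict=False)
    found = {}
    for frame in frames:
        parsed = frame_source(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        if ip not in net and not ip.is_unspecified:  # skip 0.0.0.0 ARP probes
            found.setdefault(mac, set()).add(str(ip))
    return found

def _arp(mac: str, ip: str) -> bytes:
    """Build a constructed broadcast ARP request from (mac, ip) for the sample data."""
    m = bytes.fromhex(mac.replace(":", ""))
    return (b"\xff" * 6 + m + struct.pack("!H", ETH_ARP)
            + struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1)
            + m + ipaddress.IPv4Address(ip).packed + b"\x00" * 10)

# Constructed sample capture: one host on the interface's subnet, one "ghost" that is not.
SAMPLE_FRAMES = [
    _arp("02:00:00:00:00:0a", "192.0.2.20"),
    _arp("02:00:00:00:00:ee", "198.51.100.77"),
]

if __name__ == "__main__":
    print(off_subnet_hosts(SAMPLE_FRAMES, "192.0.2.1/24"))
```
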
