
Re: man-in-the-middle



On Thursday 07 October 2004 14:30, maarten wrote:
> Can you elaborate more on the network setup ?  I'm confused; if the
> machines are on the same subnet, you can't prevent them from talking to
> each other directly.
Sure, they're not on the same subnet (unless you see the internet as one 
subnet).  They are both on public IPs - but for reasons that were not 
disclosed to me, they're not allowed to talk to each other directly, even 
though they can (I know, I'm itching to find out why too!).

Hence the box in the middle, which has two public IPs, so it's basically just 
getting the box in the middle to act as a proxy of sorts between the other 
two (I do not know what the software is either - if it's something like 
Postfix there would be much cleaner ways to do this, but I don't know) 
without them knowing.

> If they're not, there is a router somewhere, and 
> adding your box will certainly complicate the setup, both for you and for
> the router-person. Also, does your box in the middle have one or two NICs ?
Two, each with a public IP.  I do not have the IPs yet, I'll only be given 
that when I'm taken to the server room (no idea why) but I need to know that 
I can do this before I waste my and the client's time going there.

> The thing is, if you just bridge everything, there is little use, is there.
> The real question is _why_ do you need the box in the middle.  If all it
> should look like to the boxen is just thin air, I don't see what (legal)
> purpose that box would serve. Is it for protection ? Monitoring ?
I wish I knew.  It's pretty senseless.

> On that note: Do boxes A and C know that there is something in between them?
No, they shouldn't - that's the idea.  They are to believe that they are 
talking directly to one another, while they're actually talking to a Linux 
box <evil grin :-> that's passing the message on, pretending to be the 
sender.  I hope that makes sense.

Thanks for your replies
-- 
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za


