Re: man-in-the-middle
On Thursday 07 October 2004 14:30, maarten wrote:
> Can you elaborate more on the network setup ? I'm confused; if the
> machines are on the same subnet, you can't prevent them from talking to
> each other directly.
Sure, they're not on the same subnet (unless you see the internet as one
subnet). They are both on public IPs - but for reasons that were not
disclosed to me, they're not allowed to talk to each other directly, even
though they can (I know, I'm itching to find out why too!).
Hence the box in the middle, which has two public IPs, so it's basically just
getting the box in the middle to act as a proxy of sorts between the other
two (I do not know what the software is either - if it's something like
Postfix there would be much cleaner ways to do this, but I don't know)
without them knowing.
> If they're not, there is a router somewhere, and
> adding your box will certainly complicate the setup, both for you and for
> the router-person. Also, does your box in the middle have one or two NICs ?
Two, each with a public IP. I do not have the IPs yet, I'll only be given
that when I'm taken to the server room (no idea why) but I need to know that
I can do this before I waste my and the client's time going there.
> The thing is, if you just bridge everything, there is little use, is there.
> The real question is _why_ do you need the box in the middle. If all it
> should look like to the boxen is just thin air, I don't see what (legal)
> purpose that box would serve. Is it for protection ? Monitoring ?
I wish I knew. It's pretty senseless.
> On that note: Do boxes A and C know that there is something in between them?
No, they shouldn't - that's the idea. They are to believe that they are
talking directly to one another, while they're actually talking to a Linux
box <evil grin :-> that's passing the message on, pretending to be the
sender. I hope that makes sense.
Thanks for your replies
--
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za