Dmz



toast
12-31-2006, 09:11 PM
Anyone know about this? And getting around it?

Need ideas.
T

Moonbat
12-31-2006, 11:24 PM
It's pretty much a middle-man between the 'internal network' (for instance, a company LAN) and an 'external network' (the Internet). It's kinda like a firewall. More information here.

http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%2*

As for bypassing it, here is a pdf/powerpoint on the techniques used for this kind of thing.

http://www.terena.org/activities/tf-csirt/meeting*/gowdiak-bypassing-firewalls.pdf

toast
01-01-2007, 12:04 AM
I know all about the structure of dmz's (so the first is out the door), and the second link was what I found, which isn't what I'm looking for. See, I port scanned the guy with nmap. Now, his dmz allows only * ports. So, basically, my question really entitled was whether or not I treat it like a firewall now. (I know after the dmz is the compy's firewall, so it would be like bypassing two.)
Maybe I'm thinking too hard.

But thanks for the shot.
Anyone else?

Toast

Moonbat
01-01-2007, 08:49 AM
Yeah, it's basically a second firewall.

Ezekiel
01-01-2007, 11:10 AM
> I know all about the structure of dmz's (so the first is out the door), and the second link was what I found, which isn't what I'm looking for. See, I port scanned the guy with nmap. Now, his dmz allows only * ports. So, basically, my question really entitled was whether or not I treat it like a firewall now. (I know after the dmz is the compy's firewall, so it would be like bypassing two.)
> Maybe I'm thinking too hard.
>
> But thanks for the shot.
> Anyone else?
>
> Toast

If it's just "one guy", then he probably doesn't use a DMZ. They're mostly for large companies which need to provide services to the net (mail server, DNS, website hosting) but don't want their internal network users to be accessible to the internet. He probably is behind a router and only forwarded * ports to his machine for certain services, which explains what you're experiencing.

Whether or not he has a DMZ, try entering his IP address into your browser to get into the router's web interface - some routers allow management from outside the LAN. If it doesn't work, try adding :8080 at the end, and if it comes up with a basic authentication password prompt, use this list (http://www.phenoelit.de/dpl/dpl.html) to find the default password. Once you're in, you can forward all the ports you like.

~~smart~fool~~
01-01-2007, 12:33 PM
I didn't think you could access the router outside the network. Probably the old ones only.

toast
01-01-2007, 01:01 PM
Well, see, the guy I'm doing all this to, is someone I know. And I was having the worst time just getting his compy to reply. So I asked him, and he gave me the clue that he has a dmz and all other interactions are forwarded to his lappy.
Thanks-

Toast

Edit: Nope the browser thing doesn't work....