Especially if said firewall is a NAT router. :) One IP, many many machines. (Usually there'll be something in the log indicating what IP address the machine itself had when it hit the server, and if that begins with 10., 172., or 192., it's behind a NAT router. You'll see a lot of addresses looking like 192.168.1.2 or 192.168.100.2 in such a situation. NAT usually behaves like a firewall just as an artifact of how it works, unless the admin has set up some kind of DMZ or port mapping to direct incoming traffic to a specific machine, incoming connectino attempts will just drop in the bit bucket.
(Sometimes it's really amazing what you can figure out just by looking at a given machine's IP config, if you know what to look for ..)
On May 23, 2007, at 11:18 PM, Greg D. wrote:
I'd recommend being a little careful about what you conclude from an IP address. Employees at a large company are all going to look like they have the same IP address once their traffic hits the internet, by virtue of their corporate firewall.
Greg KO6TH