Dlink DMZ implementation

Discussion in 'other security issues & news' started by lunarlander, May 31, 2011.

Thread Status:
Not open for further replies.
  1. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    121
    Hi,

    I have a DLink router, and it has a setting for 1 PC to be placed in the DMZ. What I want to know is if that DMZ'd PC is isolated from the rest of the LAN. Say, in the event that that PC is compromised, can an attacker go on and invade other PCs on the LAN?

    Why I am asking is because I also have a CheckPoint hardware firewall. And it implements a separate LAN for the DMZ, and cannot touch the regular LAN. It even has its own DHCP.
     
  2. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    121
    Answering my own question.

    I placed a PC into the DLink DMZ, and enabled SSHD. Then on another PC I was able to ssh into that DMZ'd PC. So, in conclusion, the DLink DMZ is not a separate LAN, and a compromised DMZ PC can connect to all other PCs and wreak havoc.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I thought putting a computer in DMZ meant to put it outside NAT protection.
     
  4. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    121
    DMZ is generally used for hosting servers, like web servers. It would still get an internal address from DHCP. So it is not 'outside NAT protection'. It should be a separate zone, where all the risky stuff is placed, like things that are prone to getting hacked.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    ok, thanks.
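
A repeatable version of the isolation check discussed in this thread, added as an example and not posted by any participant: run on the DMZ host, it reports whether LAN machines you own share its subnet and accept TCP connections from it. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def same_subnet(host_a, host_b, netmask):
    """True if both IPv4 addresses fall in one network, meaning traffic
    between them is switched locally and never passes the router's firewall."""
    net = ipaddress.ip_network(f"{host_a}/{netmask}", strict=False)
    return ipaddress.ip_address(host_b) in net


def tcp_reachable(host, port, timeout=2.0):
    """Attempt one TCP connection; True only if the handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, or unroutable: treated as not reachable.
        return False


def isolation_report(dmz_ip, netmask, lan_services):
    """lan_services is a list of (ip, port) pairs for machines you own on
    the regular LAN. Each returned line is evidence that the DMZ host is
    NOT isolated; an empty list means no evidence was found."""
    findings = []
    for ip, port in lan_services:
        if same_subnet(dmz_ip, ip, netmask):
            findings.append(f"{ip} shares a subnet with DMZ host {dmz_ip}")
        if tcp_reachable(ip, port):
            findings.append(f"{ip}:{port} accepts connections from the DMZ host")
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with the DMZ host's own address,
    # its netmask, and services on LAN machines you administer.
    report = isolation_report("192.168.0.50", "255.255.255.0",
                              [("192.168.0.10", 22)])
    for line in report:
        print(line)
    if not report:
        print("no evidence of LAN reachability from this host")
```

An empty report only covers the listed services; a router that truly segments the DMZ would also hand the DMZ host an address outside the LAN's subnet.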
     