Marc,
How does this private VPN tunneling do anything with say my work's proxy
'firewall' in place? I'm not touching the proxy firewall as far as I can
gather from your description here, have you missed a step in your
documentation, or am I missing something here?
Thanks,
Ron DuFresne
On Mon, 6 Dec 1999, Marc Renner wrote:
> I found this a bit interesting, have a look-see, I got it off of:
>
> http://www.redhat.com/mirrors/LDP/HOWTO/Firewall-HOWTO-15.html
>
> Defeating a Proxy Firewall
>
> Just to spoil your day, and keep you on your toes about security, I'll
> describe how easy it is to defeat a proxy firewall.
>
> Let's say you have done everything in this document and have a very secure
> server and network. You have a DMZ and no one can get into your network and
> you are logging every connection made to the outside world. You make all
> your users go through a proxy and the only service you allow to go direct
> to the outside is DNS (port 53).
>
> One port, that is all it takes to make a firewall worthless. Here is how it
> is done.
>
> Start by setting up a Linux box somewhere outside your LAN. A good choice
> would be a box at home connected to the Internet through a cable modem.
>
> Ask your ISP for three IP numbers. Most cable companies will provide up to
> three.
>
> On this box you need to install the client part of a Virtual Private
> Network (vpn). See: http://sunsite.auc.dk/vpnd/
>
> Now set up the server side on the VPN with another Linux box. Connect this
> server to its client through port 53. Turn on routing and forwarding and
> put an unused IP number you got from your ISP on its LAN port.
>
> Finally, on a workstation on the private LAN, change the default gateway to
> point to the vpn servers and add the third IP number to its LAN port.
>
> Now, from this workstation, you can go anywhere. The only thing the
> firewall admin will see is a really long DNS lookup.
>
> Now, take over the world!
>
>
>
> cheers
>
> Marc..
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
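
A defender's view of the "really long DNS lookup" described in the quoted HOWTO text, as an added example that is not part of the original thread: port-53 flows are checked against what a real lookup looks like (who sent it, how long it lasted, how much data moved). The flow record layout, the addresses, the resolver set and the thresholds are constructed assumptions.

```python
# Added example: flag port-53 flows that do not look like DNS lookups.
# Record layout, addresses and thresholds are constructed assumptions.
from dataclasses import dataclass

APPROVED_RESOLVERS = {"10.0.0.53"}   # assumed: only this host may send DNS out
MAX_SECONDS = 30                     # assumed: a lookup completes within seconds
MAX_BYTES = 64 * 1024                # assumed per-flow ceiling, both directions

@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    seconds: float
    bytes_out: int
    bytes_in: int

def dns_flow_findings(flow):
    """Return the reasons a port-53 flow is suspicious (empty list if none)."""
    if flow.dport != 53:
        return []
    reasons = []
    if flow.src not in APPROVED_RESOLVERS:
        reasons.append("client bypasses internal resolver")
    if flow.seconds > MAX_SECONDS:
        reasons.append("flow lasts far longer than a lookup")
    if flow.bytes_out + flow.bytes_in > MAX_BYTES:
        reasons.append("volume exceeds DNS-sized traffic")
    return reasons

def suspicious_flows(flows):
    """Map 'src->dst' to its findings for every flagged flow."""
    return {f"{f.src}->{f.dst}": r for f in flows if (r := dns_flow_findings(f))}

# Constructed sample flow records.
SAMPLE_FLOWS = [
    Flow("10.0.0.53", "198.51.100.1", "udp", 53, 0.04, 78, 210),    # resolver lookup
    Flow("10.0.0.23", "198.51.100.1", "udp", 53, 0.05, 64, 180),    # direct lookup
    Flow("10.0.0.42", "203.0.113.7", "tcp", 53, 14400.0,
         48_000_000, 310_000_000),                                  # hours-long flow
    Flow("10.0.0.42", "203.0.113.9", "tcp", 443, 900.0, 10_000, 5_000_000),
]

if __name__ == "__main__":
    for pair, reasons in suspicious_flows(SAMPLE_FLOWS).items():
        print(pair, "|", "; ".join(reasons))
```

The first check also describes the corresponding firewall rule: if only the internal resolver may reach port 53 outside, the workstation in the quoted scenario has no direct path to use.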