In fact, I would've thought setting up a caching server like this formed a
basic part of any secure installation...
Brian Steele
----- Original Message -----
From: Charles Windom <[EMAIL PROTECTED]>
To: 'Mullen, Patrick' <[EMAIL PROTECTED]>; 'Marc Renner'
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, 06 December, 1999 8:16 PM
Subject: RE: How to defeat a proxy firewall
> Exactly right !!!
>
>
> -----Original Message-----
> From: Mullen, Patrick [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 06, 1999 11:01 AM
> To: 'Marc Renner'; [EMAIL PROTECTED]
> Subject: RE: How to defeat a proxy firewall
>
>
> > Finally, on a workstation on the private LAN, change the
> > default gateway to point to the vpn servers and add the third
> > IP number to its LAN port.
> >
> > Now, from this workstation, you can go anywhere. The only
> > thing the firewall admin will see is a really long DNS lookup.
>
> An obstacle easily defeated by setting up your own
> caching name server inside your network and disallowing
> all traffic from anyone to the outside world, including
> DNS, except from your caching nameserver.
>
> If interested, the DNS-HOWTO explains this very well.
> http://www.redhat.com/mirrors/LDP/HOWTO/DNS-HOWTO.html
>
>
>
> ~Patrick
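An added example, not part of the thread: one way to check that the policy described above (only the internal caching nameserver may send DNS to the outside world) is actually holding, by scanning firewall flow logs for port-53 traffic leaving the network from any other host. The log format, the 10.0.0.0/8 internal range, the resolver address 10.0.0.53 and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values for this example (not from the thread).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
RESOLVER = ipaddress.ip_address("10.0.0.53")

# Constructed sample log, format: time src dst proto dport action
SAMPLE_LOG = """\
12:00:01 10.0.0.53 198.51.100.7 udp 53 ALLOW
12:00:02 10.0.4.21 10.0.0.53 udp 53 ALLOW
12:00:03 10.0.4.21 203.0.113.9 udp 53 DENY
12:00:04 10.0.7.8 203.0.113.9 tcp 53 ALLOW
12:00:05 10.0.7.8 203.0.113.9 tcp 443 ALLOW
12:00:06 10.0.4.21 203.0.113.9 udp 53 DENY
garbage line
"""

def dns_egress_violations(log_text, resolver=RESOLVER, internal=INTERNAL_NET):
    """Count outbound port-53 flows from internal hosts other than the resolver.

    Returns a Counter keyed by (source address, firewall action).
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        _, src, dst, proto, dport, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if proto not in ("udp", "tcp") or dport != "53":
            continue  # DNS uses both UDP and TCP on port 53
        outbound = src_ip in internal and dst_ip not in internal
        if outbound and src_ip != resolver:
            hits[(src, action)] += 1
    return hits

if __name__ == "__main__":
    for (src, action), n in sorted(dns_egress_violations(SAMPLE_LOG).items()):
        note = ("rule gap: direct DNS left the network" if action == "ALLOW"
                else "blocked attempt to bypass the resolver")
        print(f"{src} {action} x{n}: {note}")
```

An ALLOW hit means the egress rules still let a client reach outside DNS directly; a DENY hit means the rule works and identifies a host worth a closer look.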