Why not, it is not like brand name vs brand name. Brain storming is always
good. Different people might have different things to say. And IF you are
REALLY sick about it why don't you provide a link (or any info.) to previous
war, that could probably stop this one??? You can also press the Delete key
(or whatever) on your keyboard when you see the subject...
Jean
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Crumrine, Gary L
> >Sent: Tuesday, December 07, 1999 11:07 AM
> >To: Marc Renner; [EMAIL PROTECTED]
> >Subject: RE: How to defeat a proxy firewall
> >
> >
> >please... not another proxy Vs packet filter flame war... I am
> >too busy and
> >too tired of hearing this ramble on.
> >
> >please go play somewhere else...
> >
> >> -----Original Message-----
> >> From: Marc Renner [SMTP:[EMAIL PROTECTED]]
> >> Sent: Monday, December 06, 1999 12:09 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: How to defeat a proxy firewall
> >>
> >> I found this a bit interesting, have a look-see, I got it off of :
> >>
> >> http://www.redhat.com/mirrors/LDP/HOWTO/Firewall-HOWTO-15.html
> >>
> >> Defeating a Proxy Firewall
> >>
> >> Just to spoil your day, and keep you on your toes about security, I'll
> >> describe how easy it is to defeat a proxy firewall.
> >>
> >> Lets say you have done everything in this document and have a
> >very secure
> >> server and network. You have a DMZ and no one can get into
> >> your network and you are logging every connection made to the outside
> >> world. You make all your users go through a proxy and the only
> >> service you allow to go direct to the outside is DNS (port 53).
> >>
> >> One port, that is all it takes to make a firewall worthless.
> >Here is how
> >> it is done.
> >>
> >> Start by setting up a Linux box somewhere outside your LAN. A
> >good choice
> >> would be a box at home connected to the Internet through a
> >> cable modem.
> >>
> >> Ask your ISP for three IP numbers. Most cable companies will
> >provide up to
> >> three.
> >>
> >> On this box you need to install the client part of a Virtual Private
> >> Network (vpn). See: http://sunsite.auc.dk/vpnd/
> >>
> >> Now setup the server side on the VPN with another Linux box.
> >Connect this
> >> server to it's client through port 53. Turn on routing and
> >> forwarding and put an unused IP number you got from your ISP
> >on it's LAN
> >> port.
> >>
> >> Finally, on a workstation on the private LAN, change the
> >default gateway
> >> to point to the vpn servers and add the third IP number to it's
> >> LAN port.
> >>
> >> Now, from this workstation, you can go anywhere. The only thing the
> >> firewall admin will see is a really long DNS lookup.
> >>
> >> Now, take over the world!
> >>
> >>
> >>
> >> cheers
> >>
> >> Marc..
> >>
> >> -
> >> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >> "unsubscribe firewalls" in the body of the message.]
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
> >
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
