Then you had better not allow http either. Anything can be tunneled over
http. I tunnel Telnet over the proxies and through the wall every day. In
fact it is easy to tunnel many protocols over many other protocols. --HW
> -----Original Message-----
> From: David Lang [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, April 20, 2000 2:19 PM
> To: Mark E. Drummond
> Cc: Firewalls
> Subject: Re: ssh defeats the firewall
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> This is exactly the reason why I do not allow SSH through the firewalls I
> manage.
>
> David Lang
>
> On Thu, 20 Apr 2000, Mark E. Drummond wrote:
>
> > Date: Thu, 20 Apr 2000 15:14:08 -0400
> > From: Mark E. Drummond <[EMAIL PROTECTED]>
> > To: Firewalls <[EMAIL PROTECTED]>
> > Subject: ssh defeats the firewall
> >
> > I love ssh. Use it all the time. I work for an educ institution so I get
> > to use it for everything. It also defeats the security of the firewall.
> > A "legit" user can pass _any_ traffic they want through ssh, even if
> > that traffic is normally denied by the firewall. This can be in handly
> > actually. Most types of traffic are controlled here, but I just tunnel
> > my connections through ssh and i can get whatever I want.
> >
> > --
> > Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
> > UNIX System Administrator|Royal Military College of Canada
> > The Kingston Linux Users Group|http://signals.rmc.ca/klug/
> > Saving the World ... One CPU at a Time
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.2
>
> iQEVAwUBOP9KJT7msCGEppcbAQHR6wf9FUplyUN3rnXS+h1D8er6xf1UiE5CsiAI
> 06pKlZxh7SrY1rANy63y0MfO5K+QAkMpRZmTcXhLZ3IFNAf8kSM9+FBz2h3ICjI7
> +L/NpLXwVsF8139QYyimPQfoQKV140R9ZLhTpoMkEG51dlZDjwcmSODhVbqm5/gU
> uHHEQ8yT4i6kqCyH8Wf1nHgd6fSKmJx7i5m+OVvFkuuXihWkCvx4dMgvegUdIO4W
> Ox+qqb2WZvUFyZpZuQ6F0+ydeo6UdmFd+D9LHQWC8o3LsV7Z8gJ5fdIPT2yWsQAL
> D3iyzTnMb5Xu1LfQgb3rZBHqwe9+V9oqJaSur08+z2DRKTRjNO9kCw==
> =boXL
> -----END PGP SIGNATURE-----
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. CREDIT SUISSE GROUP and each of its subsidiaries each reserve
the right to monitor all e-mail communications through its networks. Any
views expressed in this message are those of the individual sender, except
where the message states otherwise and the sender is authorised to state
them to be the views of any such entity.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
