On Thu, 20 Apr 2000, David Lang wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> This is exactly the reason why I do not allow SSH through the firewalls I
> manage.
>
People always make statements like this, and a few weeks ago we had a
discussion about content-aware firewalls; blocking ssh alone doesn't give
you any sense of security, because I could go to my home linux box (or any
machine that has sshd, for that matter) and do:
sshd -p 80
and then ssh from your so-called protected host to my machine's port 80,
which isn't a webserver anymore, but a tunnel to your entire network. I do
this all the time while developing. People block it, I route around.
Unless the firewall actually realizes "oh look! ssh traffic on a port
designated for web! block it!", you're doomed.
-j
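The content-aware check the message describes, as an added example that is not part of the original post: classify each connection by its first bytes rather than by destination port, and flag the SSH identification string (RFC 4253 "SSH-x.y-software") on a port designated for web traffic. The policy table, sample flows and software version strings are constructed for the example.

```python
import re
from typing import Optional

# RFC 4253 identification string: "SSH-protoversion-softwareversion [comments]\r\n".
# Both peers send one as their first bytes, so either direction of a flow reveals it.
SSH_BANNER = re.compile(rb"^SSH-\d\.\d+-[^\s\r\n]+")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Which protocol each port is designated for (constructed policy table for this example).
EXPECTED_BY_PORT = {22: "ssh", 80: "http", 443: "tls"}


def identify(first_bytes: bytes) -> Optional[str]:
    """Name the application protocol from the first bytes of a stream, ignoring the port."""
    if SSH_BANNER.match(first_bytes):
        return "ssh"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"  # TLS record header: content type handshake (0x16), version 3.x
    return None


def check_flow(dst_port: int, first_bytes: bytes) -> dict:
    """Compare what the port is designated for with what the bytes actually carry."""
    seen = identify(first_bytes)
    expected = EXPECTED_BY_PORT.get(dst_port)
    # Block only on a positive mismatch; unknown payloads and unlisted ports are reported, not blocked.
    block = expected is not None and seen is not None and seen != expected
    return {"port": dst_port, "expected": expected, "seen": seen, "block": block}


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (80, b"GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_2.1\r\n"),      # the "sshd -p 80" case: ssh on the web port
    (22, b"SSH-2.0-OpenSSH_2.1\r\n"),
    (443, b"\x16\x03\x00\x00\x2f\x01"),
    (8080, b"SSH-2.0-OpenSSH_2.1\r\n"),    # no policy for this port: reported only
]


def flows_to_block(flows=SAMPLE_FLOWS) -> list:
    """Return the (port, protocol seen) pairs a content-aware firewall would drop."""
    results = (check_flow(port, data) for port, data in flows)
    return [(r["port"], r["seen"]) for r in results if r["block"]]


if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(check_flow(port, data))
```

Note that the banner is only visible when the firewall can see the first bytes of the stream; a policy gap (port 8080 above) is reported but not blocked, so the port table is as important as the classifier.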
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]