-----BEGIN PGP SIGNED MESSAGE-----
If they NEED outside access I give it to them; that doesn't mean that they
NEED ssh access to outside personal systems _through_ the firewall.
David Lang
On Thu, 20 Apr 2000 [EMAIL PROTECTED] wrote:
> Date: Thu, 20 Apr 2000 19:16:06 -0400 (EDT)
> From: [EMAIL PROTECTED]
> To: Mark E. Drummond <[EMAIL PROTECTED]>
> Cc: Firewalls <[EMAIL PROTECTED]>
> Subject: Re: ssh defeats the firewall
>
> >>>>> "Mark" == Mark E Drummond <[EMAIL PROTECTED]> writes:
>
> Mark> Wrong. An application proxy will analyze packet contents and nix
> Mark> anything that is not kosher with the expected protocol. Including
> Mark> unintelligible "encrypted" traffic.
>
> <snort> If you believe that, I have a bridge to sell you...
>
> IP over e-mail has been implemented. Do you allow e-mail? Then I can tunnel
> connections. You can _never_ stop covert channels - there are too damn many
> ways to get information out. You can try to eliminate them, and make your
> users do more and more bizarre things. Or you can figure out what they need
> to get done, and come up with an acceptable means of so doing.
>
> --
> Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> http://www.cs.columbia.edu/~carson/home.html
> Queen Trapped in a Butch Body
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
-----END PGP SIGNATURE-----