It's like the blind leading the blind sometimes.
> -----Original Message-----
> From: eric [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 1 July 2000 9:15 AM
> To: Mark Andrich; [EMAIL PROTECTED]
> Subject: RE: Newbie Question - Proxy Server 2
>
>
> See below
eric...d'ya think you could talk your mail client into indenting if you're
going to respond inline? Huh? Pretty please?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Andrich
> Sent: Friday, June 30, 2000 2:45 PM
> To: [EMAIL PROTECTED]
> Subject: Newbie Question - Proxy Server 2
>
>
[This was Mark]
> Any advice to the following questions is greatly appreciated.
>
> 1. How does MS Proxy Server 2 rate overall compared to other software
> packages?
Depends on what you mean. As a WWW proxy it is quite bad. As a "firewall"
then it again depends on whether you are using all the Winsock stuff or if
your Internet use is limited to WWW. In general I don't like it very much.
However, unlike eric I appear to have some well considered reasons why not.
1. As a WWW proxy the performance is poor. I frequently find that MS Proxy
actually decreases user-perceived WWW speed.
2. As a firewall it relies on a modified client, which is ugly at best. On
the plus column, though, it is a proxy server rather than a packet filter.
This is good, because the MS packet filtering implementation is not very
versatile and is a pain to configure.
[This was eric]
> It's a packet filter (and not very scalable). You would be better off using
> linux or bsd with your flavor of favorite proxy/packet filter.
Yeah. Of course it is. That's why it's called MS Proxy, right? *sigh*.
Actually MS Proxy is one of two things - either a simple WWW proxy (which
won't work in transparent mode) OR a Winsock (or SOCKS v4) based application
gateway. The client-side Winsock client talks to the proxy server and
provides application transparent connection.
In simple terms, you _think_ you're connecting to the internet but your
packets are getting hijacked by evil gnomes. The Evil UDP Gnomes then sprint
across the network with your stolen packets, hand them to the Evil Gnome
Master who then decides if You May Pass. If so, the Gnome Master goes and
gets whatever information you requested on your behalf and relays the
information back to you via Gnome. Finally, the Evil Gnome (impersonating
the place you thought you were connecting to) gives you the information and
exits stage left cackling gleefully (eeeeee hee hee hee hee hee hee heeeee)
[Mark]
> 2. What are some of the pluses and minuses for this product? (especially
> from those who support it)
>
[eric]
> It's kind of flakey occasionally.. It doesn't play well with others. It is
> ok if you have all M$ workstations and it works with some applications on
> unix/mac/linux (i.e. browsers). But, it doesn't work totally with anything
> except M$ pretty much.
The WWW proxy works fine with any client. Uh....let me rephrase that - the
WWW proxy works as well with non-MS clients as it does with them. The
"firewall" guff works with anything that supports SOCKS v4 (or Winsock, but
that's less likely on a non-MS client ;).
I'm more than prepared to believe that the SOCKS v4 support is poor since
even the Winsock support seems screwy at times. Having said that, though, I
know a couple of very large networks using it in Winsock mode with no real
problems. Of course, they have a real firewall and a packet filtering router
in front of it...
[Mark]
> 3. Is there any good documentation for this product in terms of commonly
> overlooked security settings/weak points?
Not that I've seen.
[snip]
>
> Thanks in advance,
>
> Mark
>
>
> You're welcome. eric.
eeeeeee hee hee hee hee heeee
--
Ben Nagy
Evil Gnome Master, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
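
The application-gateway step discussed in the message above (the client asks the proxy to connect on its behalf and the proxy decides whether to relay), sketched for SOCKS v4 as an added example. It is not part of the original message and is not MS Proxy's code; the port allow-list and inside networks are hypothetical policy, and the sample requests are constructed.

```python
import ipaddress
import struct

CMD_CONNECT = 1
GRANTED, REJECTED = 90, 91  # SOCKS v4 reply codes

# Hypothetical policy for this example, not taken from any product.
ALLOWED_PORTS = {80, 443}
INSIDE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]


def parse_request(data: bytes):
    """Parse a SOCKS v4 request: VN, CD, DSTPORT, DSTIP, USERID, NUL."""
    if len(data) < 9:
        raise ValueError("short request")
    version, command, port, raw_ip = struct.unpack("!BBH4s", data[:8])
    if version != 4:
        raise ValueError("not SOCKS v4")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID not NUL-terminated")
    user = data[8:end].decode("ascii", "replace")
    return command, ipaddress.IPv4Address(raw_ip), port, user


def build_reply(code: int) -> bytes:
    """Reply is 8 bytes: VN=0, CD=result code, then DSTPORT and DSTIP fields."""
    return struct.pack("!BBH4s", 0, code, 0, b"\x00" * 4)


def decide(data: bytes) -> bytes:
    """Grant only well-formed CONNECT requests to allowed outside destinations."""
    try:
        command, ip, port, _user = parse_request(data)
    except ValueError:
        return build_reply(REJECTED)
    if command != CMD_CONNECT or port not in ALLOWED_PORTS:
        return build_reply(REJECTED)
    if any(ip in net for net in INSIDE_NETS):
        return build_reply(REJECTED)  # never relay back into the inside network
    return build_reply(GRANTED)


def make_request(ip: str, port: int, user: bytes = b"mark") -> bytes:
    """Build a constructed sample CONNECT request (not captured traffic)."""
    return struct.pack("!BBH4s", 4, CMD_CONNECT, port,
                       ipaddress.IPv4Address(ip).packed) + user + b"\x00"
```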