"Hague, Alex" wrote:
>
> My reading of slashdot (http://slashdot.org) has lead to the discovery of
> what seems to be a ridiculous RFC. RFC 3093
> (http://www.isi.edu/in-notes/rfc3093.txt) proposes a standard for tunneling
> any TCP/IP application over HTTP.
Like most of people said, this could be an April Fools note, but,
consider a few things:
- Have you ever heard about Loki? It was published in the 49th edition of
Phrack Magazine. The basic idea: Tunneling using ICMP.
- What about NetCat? Is possible to place this program to listen some
"trusted port" and redirect commands (even shell commands) through a
connection with it, if you manage to do it...
The important issue we can learn about this, is that we need to be very
careful when planning our FireWall policy. And don't be afraid at all;
Afterall, if you use FireWall-1, you still can make an INSPECT script to
manage and get a fix for this cases... ;-) http://www.yassp.org/fw1/
Regards.
--
Martin Humberto Hoz Salvador
I. E. C.
EX-A-FIME
http://gama.fime.uanl.mx/~mhoz
"Daddy, why doesn't this Magnet pick up this Floppy Disk ?"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
