Paul, What about the fact they are spoofing the IP Header on the return packet? Shouldn't a good firewall be able to pick up on that and toss it out?
Chris Green

>This discussion touches on some issues that were discussed recently
>with regard to AOL/AIM, etc. It is very difficult to block access if
>workarounds have been created like masquerading as some other
>service. The answer for blocking masquerading service is to invest
>in a system like "Packet Hound" which will inspect the content of
>EVERY packet and drop those not authorized.
>
>The problem with something like SafeWeb and TriangleBoy is a bit more
>difficult, but not un-solvable. My solutions are two:
>
>1. Put out a policy stating that circumventing the firewall using
>services like SafeWeb and TriangleBoy is not acceptable. State
>what the penalty is for violating this policy (termination?). If you
>find someone violating the policy, impose the penalty; no questions
>asked.
>
>2. You can also take the "allowed access approach" for potential
>troublemakers. That is, only allow them access to those services and
>sites that are required for their work. So, for example, you only
>allow those users (or all users) access to https for those sites you
>allow. Depending upon your business, the number of secure sites
>probably isn't large. Also, to address those running SSL on
>non-standard ports, simply block all other services not allowed.
>
>Paul
