2011/3/23 Yehuda Katz <[email protected]>:
> On Wed, Mar 23, 2011 at 5:14 PM, Michael Schuh <[email protected]>
> wrote:
>>
>> for a bit fun:
>> put *.facebook.com into your dns-masquerader and lead him to the
>> internal IP of the firewall
>> or to 127.0.0.1 :D (* -> www, or whatever else, i am not aware if the
>> dns-forwarder can match wildcards)
>> Deny all other DNS beside the access to the firewall.
>
> Just make sure you block access to other DNS servers at the firewall.
> You might not think that so many people have heard of OpenDNS or Google
> Public DNS.
> - Y

The chances that they use an open and free DNS web service are good, and then they will use the IP address itself.
Therefore I wrote it not fully seriously ;-)

On the other hand, whoever really needs access will get access, even if it must be through another HTTP/S tunnel or an SSH tunnel.
Remember also that SSH can be misused as a SOCKS proxy, and as long as people can boot machines from media other than the hard disk, they can cheat nearly everything... nothing is as secure as death :D

You need it really secure? Pull the power plug of the firewalls, computers and all switches... :D

Just a suggestion: do not make it so secure that the security is more of a handbrake than a help.

--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
