Dave Cragg wrote:
One possible approach : provide a service on the proxy which can be
firewalled such that it is not reachable from "the Internet" (this
is very likely very easy - most corporations firewall as much as
they can, so simply an echo server on a suitable (perhaps UDP) port
would do). The client starts by trying to reach that service - and
if it gets a response, then it must be on the corporate net; if not,
it is elsewhere and shouldn't try to use the proxy.
Would a dns lookup on the proxy server (assuming it uses a name and
not a number) achieve the same? The main reason for hosting this
externally was to avoid reliance on internal IT as much as possible.
Hard to say .... depends on whether they run different DNS servers for
internal vs external use.
Most larger corporations will - just to keep the externally visible
namespace smaller and to gain a little bit of security by obscurity, and
is trivial to check *currently*.
(just find some internal-only machine, let's say it is named "somename"
and then do a "ping somename.company.com" once from home and once from
on-net and see what you get).
But that tells you what happens "right now" - doesn't reassure you that
this is an IT policy that you can depend on, which is what you really
want to know. (OTOH, no IT department in history *ever* changes their
policies in the direction of a more liberal one, so if they don't
advertise all host names today, it's a reasonable bet they won't in
future :-)
--
Alex Tweedly http://www.tweedly.net
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.4/318 - Release Date: 18/04/2006
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
