--- Mailing Lists <mlistat_private> wrote:
> But I overheard one of my users bragging that it bypassed the firewall
> using two linux machines doing port redirection.

You don't really need two Linux boxes. Assuming you have a standard packet filtering firewall that allows only outbound TCP connections to port 80, a user could set up a SOCKS server at home (assume cable-modem/DSL) listening on port 80 rather than the standard 1080. Any socksable client then can allow the user any activity through his/her home machine. For example, run SocksCap from NEC configured to use the home machine as the SOCKS server. Most client apps can now work invisibly through this setup.

There is nothing really that you can do about this sort of thing. You could similarly write clients that tunnel through HTTP requests through proxy servers.

In a previous life, the company I worked for allowed incoming port 6000 for X Windows terminals. I simply put HTTP at port 6000 and voila, my personal web server could be reached from the Internet.

The moral of the story is that there is nothing magical about port numbers, and relying upon them to perfectly identify the protocol is dangerous.

Rob.

=====
Robert Graham http://www.robertgraham.com/pubs
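
The point about port numbers, as an added example that is not part of the original message: a defender-side check that classifies the first client bytes of a flow by content and flags flows whose content contradicts what the firewall rule for that port assumes. The function names, the policy table and the sample payloads are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(rb"^[A-Z]{3,10} [^ \r\n]+ HTTP/1\.[01]\r\n")

def classify_first_bytes(payload: bytes) -> str:
    """Guess the protocol from the first client-to-server bytes of a TCP flow."""
    if HTTP_REQUEST.match(payload):
        return "http"
    # SOCKS5 greeting (RFC 1928): VER=5, NMETHODS, then exactly NMETHODS bytes
    if len(payload) >= 3 and payload[0] == 5 and len(payload) == 2 + payload[1]:
        return "socks5"
    # SOCKS4 request: VN=4, CD=1 (CONNECT) or 2 (BIND), port, IPv4, userid, NUL
    if len(payload) >= 9 and payload[0] == 4 and payload[1] in (1, 2) \
            and payload.endswith(b"\x00"):
        return "socks4"
    # X11 connection setup: byte-order mark 'B' or 'l', pad, major version 11
    if len(payload) >= 12 and payload[:1] in (b"B", b"l"):
        order = "big" if payload[:1] == b"B" else "little"
        if int.from_bytes(payload[2:4], order) == 11:
            return "x11"
    return "unknown"

def port_protocol_mismatches(flows, expected):
    """Return (port, expected, seen) for flows whose content contradicts the
    protocol the firewall rule for that destination port assumes."""
    mismatches = []
    for dst_port, first_bytes in flows:
        seen = classify_first_bytes(first_bytes)
        want = expected.get(dst_port)
        if want is not None and seen != want:
            mismatches.append((dst_port, want, seen))
    return mismatches

# Assumed policy: what each allowed port is supposed to carry.
EXPECTED = {80: "http", 6000: "x11"}

# Constructed sample flows: (destination port, first client payload).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    (80, b"\x05\x01\x00"),                                    # SOCKS5 greeting
    (80, b"\x04\x01\x00\x50\xc0\x00\x02\x0a" + b"user\x00"),  # SOCKS4 CONNECT
    (6000, b"l\x00\x0b\x00" + b"\x00" * 8),                   # X11 setup
    (6000, b"GET / HTTP/1.0\r\n\r\n"),                        # HTTP on the X11 port
]

if __name__ == "__main__":
    for port, want, seen in port_protocol_mismatches(SAMPLE_FLOWS, EXPECTED):
        print(f"port {port}: expected {want}, saw {seen}")
```

Content matching of this kind still passes traffic that is tunnelled inside well-formed HTTP requests, which the message also mentions.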
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:58:59 PDT