That would be why you should always use a split DNS -- Even the stupidest version of BIND isn't going to forward packets that aren't valid DNS queries...

-Eric Hedberg

----- Original Message -----
From: "Robert Purdy" <liteyearat_private>
To: <firewall-wizardsat_private>
Sent: Sunday, January 30, 2000 5:30 AM
Subject: RE: Bypassing firewall

> Let's say you have done everything in this document and have a very secure
> server and network. You have a DMZ and no one can get into your network and
> you are logging every connection made to the outside world. You make all
> your users go through a proxy and the only service you allow to go direct to
> the outside is DNS (port 53).