[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ssh defeats the firewall

To: Mark E. Drummond <drummond-m@rmc.ca>
Subject: Re: ssh defeats the firewall
From: carson@tla.org
Date: Thu, 20 Apr 2000 19:16:06 -0400 (EDT)
Cc: Firewalls <firewalls@Lists.GNAC.NET>

>>>>> "Mark" == Mark E Drummond <drummond-m@rmc.ca> writes:

Mark> Wrong. An application proxy will analyze packet contents and nix
Mark> anything that is not cosher with the expected protocol. Including
Mark> unintelligle "encrypted" traffic.

<snort> If you believe that, I have a bridge to sell you...

IP over e-mail has been implemented. Do you allow e-mail? Then I can tunnel
connections. You can _never_ stop covert channels - there are too damn many
ways to get information out. You can try to eliminate tham, and make your
users do more and more bizarre things. Or you can figure out what they need
to get done, and come up with an acceptable means of so doing.

-- 
Carson Gaspar -- carson@tla.org carson@cs.columbia.edu carson@cugc.org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: RE: Anyone have study guides or materials for CISSP or SCSA?
Next by Date: Re: ssh defeats the firewall
Prev by thread: Re: ssh defeats the firewall
Next by thread: Re: ssh defeats the firewall
Index(es):
- Date
- Thread