Firewall Wizards mailing list archives
Re: firewalls and the incoming traffic problem
From: Jyri Kaljundi <jk () stallion ee>
Date: Mon, 29 Sep 1997 12:22:22 +0300 (EET DST)
On Sun, 28 Sep 1997, Paul D. Robertson wrote:
> or even seemingly "solicited" incoming traffic. Tunnels are a fact of life, and they'll just get worse as we move forward. That's why I'd like to see *official* MITM addressed in protocol specifications. If we're to _really_ take a stab at continuing to provide security and assurance levels, we *need* to be able to examine data.
Right. I have seen pretty many firewalls with tunnels implemented where you can run anything through them. And when you make that everything something like SSH, you can run a lot of TCP applications through it in both directions and set up port forwarding in many ways. And when you, for example, then run PPP over SSH through that channel, you have a clean IP tunnel where you can run any application you want.

Also, what is happening in the real life of firewalls: we have people who innocently run SSH out of their firewalls. And then they innocently run (sometimes for months before anyone notices, if anyone notices) port forwarding to connect into their internal network from home. Yes, you need an SSH server outside somewhere, which not everyone has, and sometimes you even need a special client and server so you can run SSH over port 25 or 80 or whatever. Policies and documents usually cannot stop this from happening.

We need either MITM at the firewall examining all the traffic or, better yet, monitoring tools that would listen on the internal network and recognize the SSH or SSL or other packets that should not be there. I don't know how good most of the application layer firewalls are today, but I believe at least some of them allow you to make a special protocol for two ends where you could run SSH over HTTP or some other proxy.

Jyri Kaljundi
jk () stallion ee
AS Stallion Ltd
http://www.stallion.ee/
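The monitoring approach Jyri describes, as an added example that is not part of the original post: a small classifier a passive sensor on the internal network could apply to the first client payload of each TCP stream, raising an alert when SSH (RFC 4253 identification string) or a TLS ClientHello shows up on a port where the policy expects plain SMTP or HTTP. The port-to-protocol policy table and the sample flows are constructed for the example.

```python
import re
from typing import Optional

# SSH identification string per RFC 4253: "SSH-<protoversion>-<software>"
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-")

# Constructed policy: which protocol is expected on each monitored port.
EXPECTED = {25: "smtp", 80: "http", 22: "ssh", 443: "tls"}

def looks_like_ssh(payload: bytes) -> bool:
    return SSH_BANNER.match(payload) is not None

def looks_like_tls_client_hello(payload: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03xx, 2-byte
    # length, then the handshake message type 0x01 (ClientHello).
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04
            and payload[5] == 0x01)

def classify(payload: bytes) -> str:
    if looks_like_ssh(payload):
        return "ssh"
    if looks_like_tls_client_hello(payload):
        return "tls"
    return "other"

def check_flow(dst_port: int, first_payload: bytes) -> Optional[str]:
    """Return an alert string when an encrypted-tunnel protocol appears
    on a port whose policy expects something else, otherwise None."""
    seen = classify(first_payload)
    expected = EXPECTED.get(dst_port)
    if seen in ("ssh", "tls") and expected != seen:
        return f"ALERT: {seen} on port {dst_port} (expected {expected or 'unknown'})"
    return None

# Constructed sample flows: (destination port, first client payload).
SAMPLE_FLOWS = [
    (25, b"EHLO mail.example.test\r\n"),            # normal SMTP
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),               # SSH where allowed
    (25, b"SSH-2.0-tunnel_client\r\n"),             # SSH hidden on 25
    (80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),  # TLS hello on 80
    (80, b"GET / HTTP/1.0\r\n\r\n"),                # normal HTTP
]

def scan(flows=SAMPLE_FLOWS) -> list:
    """Run check_flow over every flow and collect the alerts."""
    return [a for port, data in flows if (a := check_flow(port, data))]

if __name__ == "__main__":
    for alert in scan():
        print(alert)
```

Matching only the first bytes keeps the check cheap enough to run inline on a span port; a sensor that sees the stream mid-connection would need the encrypted-traffic heuristics this example deliberately leaves out.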