Firewall Wizards mailing list archives
Re: Is it possible at all ...?
From: Jonn Martell <martell () ucs ubc ca>
Date: Sun, 27 Aug 2000 10:35:47 -0700 (PDT)
I agree with Ryan here. I don't see why one would allow Microsoft Networking "stuff" across firewalls. Use a VPN to shape the stuff properly.

Cheap devices like the Linksys NAT ($100) prevent it altogether. Some mid-level boxes like Sonicwall will allow outbound (which I still think is a problem) but not inbound.

So, yes, "it's possible" on a technical level but not if you are really concerned about security IMHO. Fortunately, we have VPNs these days.

.....
J Martell

On Sat, 26 Aug 2000, Ryan Russell wrote:
> Date: Sat, 26 Aug 2000 11:22:30 -0700 (PDT)
> From: Ryan Russell <ryan () securityfocus com>
> To: Chris <puetzc () yahoo com>
> Cc: firewall-wizards () nfr net
> Subject: Re: [fw-wiz] Is it possible at all ...?
>
> On Fri, 25 Aug 2000, Chris wrote:
>
> > different IP networks. I'd like to set up the DMZ and the Inside as follows, so that the domain controllers can exchange information, browsing works, NT user authentication and all the typical NT Domain stuff work. Is that possible at all? I opened ports 135,137,138,139 between the DMZ and the Inside but I do not get it to work?
>
> Perhaps you don't have a WINS server set up, or the DMZ machines can't reach it, or don't have it programmed properly? As soon as you go to more than one IP subnet (which you almost always have to do with a DMZ) you will have to use WINS to make things work right.
>
> Of course, and I'm sure I won't be the only one to point this out, with the setup you've described, you might as well not have a DMZ. The moment one of your DMZ machines gets nailed (and you have to assume it will... that's why DMZs exist) then the attacker has everything they need to 0wn any inside machine they want.
>
> Why do you want NetBIOS running between the inside and DMZ?
>
> Ryan
>
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards () nfr net
> http://www.nfr.net/mailman/listinfo/firewall-wizards
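An added example, not written by anyone in the thread: a first-match audit that reports where the ports named above (135, 137, 138, 139) are effectively permitted between the DMZ and the inside, in either direction. The rule syntax, zone names, function names and sample ruleset are hypothetical and constructed for illustration, and an implicit default deny is assumed.

```python
# Added example: first-match audit of a constructed zone ruleset.
from itertools import product

# Ports named in the thread: 135 (RPC endpoint mapper), 137-139 (NetBIOS).
MS_NET_PORTS = (135, 137, 138, 139)

def parse_rules(text):
    """Parse 'action proto src -> dst ports' lines (hypothetical syntax)."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, arrow, dst, ports = line.split()
        if arrow != "->" or action not in ("permit", "deny"):
            raise ValueError(f"line {n}: bad rule {raw!r}")
        lo, _, hi = ("0-65535" if ports == "any" else ports).partition("-")
        rules.append((n, action, proto, src, dst, int(lo), int(hi or lo)))
    return rules

def first_match(rules, proto, src, dst, port):
    """Return (line_no, action) of the first rule matching the flow."""
    for n, action, r_proto, r_src, r_dst, lo, hi in rules:
        if (r_proto in (proto, "any") and r_src in (src, "any")
                and r_dst in (dst, "any") and lo <= port <= hi):
            return n, action
    return None, "deny"  # assumption: implicit deny when nothing matches

def ms_net_exposure(text, a="dmz", b="inside"):
    """List (src, dst, proto, port, line_no) effectively permitted between a and b."""
    rules = parse_rules(text)
    findings = []
    for (src, dst), proto, port in product(((a, b), (b, a)), ("tcp", "udp"), MS_NET_PORTS):
        n, action = first_match(rules, proto, src, dst, port)
        if action == "permit":
            findings.append((src, dst, proto, port, n))
    return findings

# Constructed ruleset (not from the thread).
SAMPLE = """\
deny   tcp dmz    -> inside 137-139
permit any dmz    -> inside 135-139   # still passes tcp/135 and udp/135-139
permit tcp inside -> dmz    80
permit udp inside -> dmz    any       # inside-to-DMZ "any" includes udp/137-138
"""

if __name__ == "__main__":
    for src, dst, proto, port, n in ms_net_exposure(SAMPLE):
        print(f"rule line {n}: {proto}/{port} permitted {src} -> {dst}")
```

Because evaluation is first-match, the earlier deny hides tcp/137-139 from the report while the broader permit below it still exposes tcp/135 and the UDP ports.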