Firewall Wizards mailing list archives

Re: IP over DNS.


From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 19 Sep 2000 06:52:24 +1100 (EST)

None of the below will block DNS packets for the IP over DNS module.
Believe me, if it will work using named as a proxy in normal operation
then there is nothing below which will stop it from working.

In some email I received from Bill_Royds () pch gc ca, sie wrote:


Frank Knobbe <FKnobbe () KnobbeITS com> on 09/14/2000 12:45:56
 To:      "'Matt Cramer'" <mscramer () armstrong com>,
          firewall-wizards () nfr net
 cc:      (bcc: Bill Royds/HullOttawa/PCH/CA)

 Subject: RE: [fw-wiz] IP over DNS.

<snip>
Afaik, there is no DNS proxy that actually examines the contents of
DNS queries and replies...

Any thoughts on this?

Frank


Some Application Gateway Firewalls, such as Axent Raptor, have DNS proxies that
verify the correctness of the DNS traffic. The Raptor proxy actually acts as a
DNS forwarder, verifying the adherence to the RFCs for all entries (not
allowing characters for hosts or domains outside of DNS standard). It ensures
that TXT records are 7-bit ASCII, although someone could probably base64-encode
binary to get by it.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
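
Added example, not part of the original posts and not any product's code: a Python sketch of the two syntax checks described above (hostname characters, 7-bit TXT data), showing that base64 text passes the 7-bit check, plus a length-and-entropy heuristic a content-inspecting proxy could apply on top. All function names, thresholds and sample records are assumptions constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# Letters, digits, hyphen; 1-63 octets per label (RFC 1035 preferred name syntax).
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def hostname_conforms(name: str) -> bool:
    """Character-set check of the kind the post attributes to the proxy."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and all(LABEL_RE.match(label) for label in labels)

def txt_is_7bit(rdata: bytes) -> bool:
    """True if every octet of the TXT data is 7-bit ASCII."""
    return all(b < 0x80 for b in rdata)

def shannon_entropy(data: bytes) -> float:
    """Bits per octet of the observed byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def txt_looks_encoded(rdata: bytes, min_len: int = 40,
                      min_entropy: float = 4.5) -> bool:
    """Assumed heuristic: long, space-free, high-entropy TXT data.
    Thresholds are illustrative and need tuning against real traffic."""
    return (len(rdata) >= min_len
            and b" " not in rdata
            and shannon_entropy(rdata) >= min_entropy)

# Constructed samples (not captured traffic).
ORDINARY_TXT = b"v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
BINARY_BLOB = bytes(range(100, 196))          # 96 octets, some >= 0x80
ENCODED_TXT = base64.b64encode(BINARY_BLOB)   # same data as 7-bit text

if __name__ == "__main__":
    for label, data in [("ordinary", ORDINARY_TXT),
                        ("binary", BINARY_BLOB),
                        ("base64", ENCODED_TXT)]:
        print(f"{label:9} 7bit={txt_is_7bit(data)!s:5} "
              f"entropy={shannon_entropy(data):.2f} "
              f"flagged={txt_looks_encoded(data)}")
```

The raw blob fails the 7-bit check, its base64 form passes it, and only the added heuristic separates the encoded record from the ordinary one.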




