Firewall Wizards mailing list archives
Re: IP over DNS.
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Wed, 13 Sep 2000 13:33:31 +0200
Darren Reed wrote:
[On DNS tunneling] The biggest problem is that without doing bad things to DNS*, you can't stop this from being setup without putting in place a full proxy based firewall.
... and proxy firewalls can't stop tunneling over HTTP or SMTP anyway, so we're back to square one: "if someone wants to tunnel something from the inside, and wants it bad enough, there's no way in hell you can stop them with anything less than an A1 firewall".
Does this spell the end of packet filtering for high security firewalls ?
Nah, I'd pick a properly built SPF over a huge proxy with filtering software from the makers of Barbie & Ken any day ;) <flame shield on> /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05 Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50 WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- IP over DNS. Darren Reed (Sep 12)
- Re: IP over DNS. Ryan Russell (Sep 13)
- Re: IP over DNS. Mikael Olsson (Sep 13)
- Re: IP over DNS. Matt Cramer (Sep 13)
- Re: IP over DNS. Darren Reed (Sep 16)
- <Possible follow-ups>
- Re: IP over DNS. Alex Goldney (Sep 13)
- Re: IP over DNS. Darren Reed (Sep 13)
- RE: IP over DNS. Frank Knobbe (Sep 16)
- RE: IP over DNS. Bill_Royds (Sep 18)
- Re: IP over DNS. Darren Reed (Sep 19)