Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Sun, 06 Apr 2003 22:51:47 +0200
"Anton A. Chuvakin" wrote:
...if to run a new application you'd have to either: 1. open a new port 2. accept tunneling over already open port/protocol which would you choose?
If indeed the choice is as simple as you describe, it's a no-brainer for me. The short-short version: - Opening a new port exposes nothing that you wouldn't be exposing anyway (through tunneling). - Opening a new port lets me monitor the new traffic independently. - Opening a new port lets me SHUT DOWN the new traffic immediately without disrupting the other service, should I ever need to do so. - HTTP tunneling is evil. See RFC 3205, also Best Current Practice #65, "On the use of HTTP as a Substrate": http://www.ietf.org/rfc/rfc3205.txt -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: tunnel vs open a hole, (continued)
- Re: tunnel vs open a hole Crispin Cowan (Apr 07)
- Re: tunnel vs open a hole Barney Wolff (Apr 07)
- Re: tunnel vs open a hole Crispin Cowan (Apr 07)
- Re: tunnel vs open a hole Dave Piscitello (Apr 08)
- Re: tunnel vs open a hole Frederick M Avolio (Apr 08)
- Re: tunnel vs open a hole Adam Shostack (Apr 08)
- Re: tunnel vs open a hole Dave Piscitello (Apr 08)
- Re: tunnel vs open a hole Frederick M Avolio (Apr 09)
- Re: tunnel vs open a hole Frank Knobbe (Apr 08)
- Re: tunnel vs open a hole Adam Shostack (Apr 06)
- Re: tunnel vs open a hole Mikael Olsson (Apr 06)
- Re: tunnel vs open a hole Bernie, CTA (Apr 06)
- Re: tunnel vs open a hole Christine Kronberg (Apr 07)
- Re: tunnel vs open a hole Anton A. Chuvakin (Apr 07)
- Re: tunnel vs open a hole R. DuFresne (Apr 07)
- Re: tunnel vs open a hole Dave Rinker (Apr 07)
- Re: tunnel vs open a hole Mikael Olsson (Apr 08)
- Re: tunnel vs open a hole Bill Royds (Apr 08)