Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: irc was Re: iso 17799

From: ArkanoiD <ark () eltex net>
Date: Wed, 21 Jul 2004 18:04:55 +0400
nuqneH,

Nothing is transparent. One should connect to irc proxy and issue a 
command to connect to server (well, script can do). 
Evrerything is logged and reported ;-)

Actually none of our customers insisted on using tranparent configuration
after being explanained they do not actually need it (though my firewall
does support transparent operation mode)

On Wed, Jul 21, 2004 at 10:18:40AM -0400, Marcus J. Ranum wrote:

ArkanoiD wrote:

What's wrong with irc?


Nothing's wrong with IRC in and of itself. What's wrong is that I've seen
umpty-zillion installations with their firewalls configured to allow IRC
back and forth unimpeded - a sign of deeper problems.
If everyone started blocking IRC, the botboys would just start
using something else.

The razor blade in the apple is that unimpeded inside->outside
access. End users call this "firewall transparency."  I call it
"painting a target on your head."


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: