Firewall Wizards mailing list archives

Re: X server in a Firewall

From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 24 Jan 2006 22:17:51 -0500 (EST)

On Tue, 24 Jan 2006, Brian Loe wrote:

Can you elaborate on what you're saying here?


Sure, in-band management provides an attacker with a vulnerability surface 
that's difficult to stop and gives the defender tunneling issues that are 
difficult to defend against.  Look at the phone system in the 70's- 
in-band signaling made for widespread phreaker abuse.

And what's the proxy running on the firewall doing?


Hopefully content analysis, protocol enforcement and transport layer 
re-creation.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

X server in a Firewall John M (Jan 24)
- Re: X server in a Firewall Paul D. Robertson (Jan 24)
  - Re: X server in a Firewall John M (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Brian Loe (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Chuck Swiger (Jan 24)
    - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)
    - Re: X server in a Firewall John M (Jan 24)
    - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Peter Bruderer (Jan 25)
  - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)

(Thread continues...)