Firewall Wizards mailing list archives
Re: Firewall-Wizards Digest V1 #197
From: Steve George <stevege () i-way net uk>
Date: Mon, 28 Sep 1998 13:56:58 +0100
Hi, Since a proxies are normally considered to act the application level there is no particular reason why theu should not understand more about the protocol that they are proxying. With connectionless protocols such as SMTP this is quite straightforward since you can implement the set of commands which you consider safe and then forward the stuff to the other end, hence FWTK doesn't do some of the SMTP commands. However, with connection orientated proxies such as telnet you have to implement all of the protocol as you don't know what the user will do with it. However, it seems to me that in essense the problem is with the implementation of the thing at the other end of your proxy not the fact that you can telnet to it rather than use a browser. Steve On Sat, Sep 26, 1998 at 05:34:22AM -0700, sandeep kumar wrote:
Ryan Russel wrote: ===>Date: Wed, 23 Sep 1998 10:10:09 -0700 From: "Ryan Russell" <ryanr () sybase com> Subject: Re: Transparent vs. Non-transparent >AGs/SPFs/whateverAgain, the assumtion is that the telnet proxy is smart enough to know that HTTP doesn't look like a proper telnet... if a telnet proxy lets HTTP through think that it's just a weird >telnet session, then that's just another circuit-level proxy as far as I'm concerned.)Ryan =====> does a proxy understand that if it is to proxy ,say telnet sessions at the given port , then even if someone tries to use some other protocol then the proxy would know that it is not the intended protocol and the connection or proxy would be denied. my question is that whether this is possible or not, if yes then how does the proxy read as to what protocol is the client or the server initiating.... This brings to the question of letting various services through a firewall based upon port number. telnet 23, smtp25 etc. but say I were to write an application at a given port say 23 and use that port to connect to a server also running my application, then the connection would be made. How does one PREVENT this ? thanks sk... _________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com
--
Attachment:
_bin
Description:
Current thread:
- Re: Firewall-Wizards Digest V1 #197 sandeep kumar (Sep 26)
- Re: Firewall-Wizards Digest V1 #197 Steve George (Sep 29)