Firewall Wizards mailing list archives

Re: Firewall-Wizards Digest V1 #197


From: Steve George <stevege () i-way net uk>
Date: Mon, 28 Sep 1998 13:56:58 +0100

Hi,

Since proxies are normally considered to act at the application level there is no particular reason why they should not 
understand more about the protocol that they are proxying.  With connectionless protocols such as SMTP this is quite 
straightforward since you can implement the set of commands which you consider safe and then forward the stuff to the 
other end, hence FWTK doesn't do some of the SMTP commands.  However, with connection orientated proxies such as 
telnet you have to implement all of the protocol as you don't know what the user will do with it.  However, it seems to 
me that in essence the problem is with the implementation of the thing at the other end of your proxy, not the fact that 
you can telnet to it rather than use a browser.

Steve

On Sat, Sep 26, 1998 at 05:34:22AM -0700, sandeep kumar wrote:
Ryan Russell wrote: ===>

Date: Wed, 23 Sep 1998 10:10:09 -0700
From: "Ryan Russell" <ryanr () sybase com>
Subject: Re: Transparent vs. Non-transparent AGs/SPFs/whatever

Again, the assumption is that the telnet proxy is smart enough to
know that HTTP doesn't look like a proper telnet...  if a telnet
proxy lets HTTP through thinking that it's just a weird telnet session,
then that's just another circuit-level proxy as far as I'm concerned.)

             Ryan
=====>
Does a proxy understand that if it is to proxy, say, telnet sessions at
the given port, then even if someone tries to use some other protocol
the proxy would know that it is not the intended protocol and the
connection or proxy would be denied?

My question is whether this is possible or not; if yes, then how
does the proxy read what protocol the client or the server is
initiating....

This brings up the question of letting various services through a
firewall based upon port number: telnet 23, smtp 25, etc. But say I were
to write an application at a given port, say 23, and use that port to
connect to a server also running my application, then the connection
would be made. How does one PREVENT this?
Thanks,
sk...


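An added example, not part of the original posts and not FWTK code: a sketch of the two checks the thread discusses, an SMTP command allow-list and a telnet-port check that recognises an HTTP request line. The verb set, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed policy for a hypothetical proxy: only these SMTP verbs are relayed.
SAFE_SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

IAC = 0xFF                                      # telnet "Interpret As Command" (RFC 854)
TELNET_NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r?$")


def check_smtp_line(line: bytes) -> bool:
    """Relay a client command line only if its verb is on the allow-list."""
    parts = line.strip().split(None, 1)
    if not parts:
        return False                            # empty line: nothing to relay
    verb = parts[0].decode("ascii", "replace").upper()
    return verb in SAFE_SMTP_VERBS


def classify_telnet_client(first_bytes: bytes) -> str:
    """Label the opening bytes a client sends to the telnet proxy port."""
    if (len(first_bytes) >= 3 and first_bytes[0] == IAC
            and first_bytes[1] in TELNET_NEGOTIATION):
        return "telnet-negotiation"
    first_line = first_bytes.split(b"\n", 1)[0]
    if HTTP_REQUEST_LINE.match(first_line):
        return "http"
    # Plain text is valid telnet data too, so a custom application that avoids
    # obvious signatures lands here and cannot be told apart by this check.
    return "unknown"


def admit(service: str, first_bytes: bytes) -> bool:
    """Decision for the first client bytes on a proxied service."""
    if service == "smtp":
        return check_smtp_line(first_bytes)
    if service == "telnet":
        return classify_telnet_client(first_bytes) != "http"
    return False                                # no proxy for the service: deny


# Constructed sample inputs (not captured traffic).
SAMPLES = [
    ("smtp", b"MAIL FROM:<a@example.com>\r\n"),
    ("smtp", b"DEBUG\r\n"),
    ("telnet", b"\xff\xfb\x18\xff\xfb\x1f"),
    ("telnet", b"GET / HTTP/1.0\r\n\r\n"),
    ("telnet", b"hello from a custom app\r\n"),
]

if __name__ == "__main__":
    for service, data in SAMPLES:
        print(service, data[:24], "->", "allow" if admit(service, data) else "deny")
```

The last sample is admitted: on the telnet port the check can only reject what it positively recognises as another protocol.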