Firewall Wizards mailing list archives
Re: Looking for "lease based popper access"
From: Crispin Cowan <crispin () cse ogi edu>
Date: Mon, 13 Dec 1999 00:21:26 +0000
sedwards () sedwards com wrote:
This works pretty good for most services except POP. Traveling employees need to get to their email from wherever they are.
Agreed.
What I'm looking for is something where an employee can get a temporary "lease" to access POP from their current IP address.
This is exactly what you *don't* want to do. If you enable this, then the attacker with an ability to spoof IP addresses can break into arbitrary mail boxes.

What you want is real authentication for road warrior e-mail access. Use either SSH or SSL. I personally use SSH. Put an SSH daemon on the mail server, and clients use SSH clients to tunnel the POP and SMTP ports from their mobile laptop to the mail server. For Windows clients, the SSH commercial product from Data Fellows does the trick. For Linux clients, a script like this with the free SSH client works:

    #!/bin/sh
    # Forward local port 6666 to POP (110) and 6667 to SMTP (25) on the mail server;
    # xbiff runs as the remote command and keeps the session open.
    ssh -C -l crispin -f \
        -L 6666:your.mail.server:110 \
        -L 6667:your.mail.server:25 \
        your.mail.server xbiff -geom +17+690

Then just tell the mail client that e-mail access goes through localhost:6666 and localhost:6667 (or pick your favorite port numbers). The "xbiff" keeps the ssh tunnel open, and as an added bonus gives you a ring when new e-mail arrives.

SSL crypto & authentication gives you essentially similar security properties, but I am unfamiliar with the details of setting it up.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
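
A stricter variant of the tunnel script in the message above, as an added example that is not part of the original post. It assumes a current OpenSSH client; the function names and the `--connect` switch are hypothetical, `-N` replaces the xbiff keep-alive, and the forwards are bound to 127.0.0.1 so only the laptop itself can use them.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the ssh options used are standard OpenSSH client options.

# valid_port PORT: accept only an unprivileged numeric port (1024-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# valid_name NAME: user or host must be non-empty, must not start with '-'
# (ssh would parse it as an option) and may contain only [A-Za-z0-9._-].
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# tunnel_args USER HOST POP_LOCAL SMTP_LOCAL: print the ssh arguments, one per line.
tunnel_args() {
    valid_name "$1" && valid_name "$2" || return 1
    valid_port "$3" && valid_port "$4" && [ "$3" != "$4" ] || return 1
    # -N: no remote command; -f: background once the forwards are up.
    # ExitOnForwardFailure: fail loudly instead of leaving a tunnel with a dead port.
    # ServerAliveInterval: notice a dropped link instead of hanging the mail client.
    printf '%s\n' \
        -N -f -C \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=60 \
        -L "127.0.0.1:$3:$2:110" \
        -L "127.0.0.1:$4:$2:25" \
        -l "$1" "$2"
}

# Runs ssh only when asked to, e.g.: sh tunnel.sh --connect crispin your.mail.server
if [ "${1:-}" = "--connect" ]; then
    args=$(tunnel_args "$2" "$3" "${4:-6666}" "${5:-6667}") || {
        echo "refusing: bad user, host or port" >&2; exit 2; }
    # Splitting on newlines is safe here: every field was validated above.
    IFS='
'
    set -f
    exec ssh $args
fi
```

The mail client settings stay the same as in the message: POP on localhost:6666 and SMTP on localhost:6667.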