Firewall Wizards mailing list archives

RE: Bypassing firewall


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 01 Feb 2000 22:18:36 -0500


Your example is not using a proxy based firewall, you are using the
transparent DNS port. If you force the DNS through a proxy process as it
should on a proxy based firewall (hidden DNS or similar) (No transparent
connection at all) then this trick will not work.


Back when I was writing the firewall toolkit I hacked together a
version of a /dev/tun driver and had it piping its output into a
script that uuencoded packets, then emailed them to an alias on
a remote machine which uudecoded them and shoved them into /dev/tun.
It worked; ping round trip times were in the order of seconds,
which made running NFS difficult without adjusting timeouts. I
was able to mount filesystems after a bit of fiddling, and could
get a very slow telnet session connected.

Tunnelling over DNS would be silly, anyhow; most firewalls
have this huge gaping hole called SSL...

mjr.


