Firewall Wizards mailing list archives
RE: Bypassing firewall
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 01 Feb 2000 22:18:36 -0500
Your example is not using a proxy based firewall, you are using the transparent DNS port. If you force the DNS through a proxy process as it should on a proxy based firewall (hidden DNS o.i.d) (No transparent connection at all) then this trick will not work.
Back when I was writing the firewall toolkit I hacked together a version of a /dev/tun driver and had it piping its output into a script that uuencoded packets, then emailed them to an alias on a remote machine which uudecoded them and shoved them into /dev/tun. It worked; ping round trip times were in the order of seconds, which made running NFS difficult without adjusting timeouts. I was able to mount filesystems after a bit of fiddling, and could get a very slow telnet session connected.
Tunnelling over DNS would be silly, anyhow; most firewalls have this huge gaping hole called SSL...
mjr.