Firewall Wizards mailing list archives

Re: Bypassing firewall


From: "Eric Hedberg" <hedberg () mr net>
Date: Mon, 31 Jan 2000 19:16:34 -0600

That would be why you should always use a split DNS -- Even the stupidest
version of BIND isn't going to forward packets that aren't valid DNS
queries...

-Eric Hedberg

----- Original Message -----
From: "Robert Purdy" <liteyear () ihug co nz>
To: <firewall-wizards () nfr net>
Sent: Sunday, January 30, 2000 5:30 AM
Subject: RE: Bypassing firewall


Let's say you have done everything in this document and have a very secure
server and network. You have a DMZ and no one can get into your network and
you are logging every connection made to the outside world. You make all
your users go through a proxy and the only service you allow to go direct
to the outside is DNS (port 53).
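
The reply above rests on a resolver refusing to forward payloads that do not parse as DNS queries. As an added illustration (not part of either post, and not BIND's code), this Python example applies the RFC 1035 wire-format checks for a plain query to constructed port-53 payloads. The names `build_query`, `is_wellformed_dns_query` and `SAMPLES` are hypothetical, and queries carrying additional records (EDNS0) are deliberately rejected to keep the check small.

```python
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a plain DNS query for `name` (constructed sample input)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)   # QCLASS=IN

def is_wellformed_dns_query(payload: bytes) -> bool:
    """True only if payload is exactly one RFC 1035 question and nothing else."""
    if len(payload) < 12:                    # fixed header is 12 bytes
        return False
    _txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF:  # must be QR=0 and OPCODE=QUERY
        return False
    if (qd, an, ns, ar) != (1, 0, 0, 0):     # one question, no other records
        return False
    pos, name_len = 12, 1                    # name_len counts the root byte
    while True:
        if pos >= len(payload):              # ran off the end of the packet
            return False
        length = payload[pos]
        pos += 1
        if length == 0:                      # root label ends the name
            break
        if length > 63:                      # oversize label or pointer
            return False
        pos += length
        name_len += length + 1
        if name_len > 255:                   # whole name limited to 255 octets
            return False
    return pos + 4 == len(payload)           # QTYPE + QCLASS, no trailing data

# Constructed payloads as they might arrive on port 53.
SAMPLES = {
    "plain A query": build_query("www.example.com"),
    "HTTP on port 53": b"GET / HTTP/1.0\r\n\r\n",
    "SSH banner on port 53": b"SSH-2.0-OpenSSH\r\n",
    "query with trailing bytes": build_query("www.example.com") + b"extra",
    "truncated query": build_query("www.example.com")[:20],
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        verdict = "forward" if is_wellformed_dns_query(data) else "drop"
        print(f"{label:28s} -> {verdict}")
```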



