Firewall Wizards mailing list archives

IP over DNS.


From: Darren Reed <avalon () coombs anu edu au>
Date: Tue, 12 Sep 2000 11:10:05 +1100 (Australia/NSW)

I'm surprised nobody has mentioned IP over DNS here yet -
after all, it's on /. ;-)

http://nstx.dereference.de/nstx/

Is the particular implementation in this instance.

- there's some more work there for IDS people ;_)

The biggest problem is that without doing bad things to
DNS*, you can't stop this from being set up without putting
in place a full proxy based firewall.  Why? In order for
a packet filter firewall to work, hosts inside need to be
able to get outside address information and that's what
we need to deny people in order to stop the above.

Does this spell the end of packet filtering for high
security firewalls?

Darren
* - bad things include filtering out certain types of DNS
packets such as TXT records.
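
The "more work for IDS people" mentioned in the post, sketched as an added example (not part of the original message and not NSTX code): it flags client/parent-domain pairs whose query names carry many unique, long, high-entropy labels and reports how many were TXT queries. The log tuple layout, thresholds and function names are assumptions, and the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

BLOB = "mfrggzdfmztwq2lknnwg23tpobyxe43u"  # constructed base32-looking label
# Constructed resolver log entries (client, qtype, qname); not real traffic.
SAMPLE_LOG = (
    [("10.0.0.5", "A", f"{h}.example.com") for h in ("www", "mail", "ftp", "ns1", "ns2")]
    + [("10.0.0.9", "TXT", f"{BLOB[i:] + BLOB[:i]}.example.net") for i in range(5)]
)

def shannon(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def split_name(qname, keep=2):
    """Split into (subdomain, parent). Naive assumption: the last `keep`
    labels are the registered domain (not public-suffix aware)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-keep]), ".".join(labels[-keep:])

def find_tunnel_candidates(log, min_unique=4, min_len=24, min_entropy=3.0):
    """Return {(client, parent): stats} for pairs that look like data
    carried in query names rather than ordinary host lookups."""
    groups = defaultdict(list)
    for client, qtype, qname in log:
        sub, parent = split_name(qname)
        if sub:
            groups[(client, parent)].append((qtype, sub))
    flagged = {}
    for key, rows in groups.items():
        subs = {sub for _, sub in rows}
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(shannon, subs)) / len(subs)
        # All three must hold: a busy client asking for www/mail/ftp is normal.
        if len(subs) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            txt = sum(q == "TXT" for q, _ in rows) / len(rows)
            flagged[key] = {"unique": len(subs), "mean_len": mean_len,
                            "mean_entropy": round(mean_ent, 2), "txt_ratio": txt}
    return flagged

if __name__ == "__main__":
    for (client, parent), stats in find_tunnel_candidates(SAMPLE_LOG).items():
        print(client, parent, stats)
```

The thresholds are starting points to tune against a site's own resolver logs; some legitimate services also produce long, random-looking query names.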
