Firewall Wizards mailing list archives
IP over DNS.
From: Darren Reed <avalon () coombs anu edu au>
Date: Tue, 12 Sep 2000 11:10:05 +1100 (Australia/NSW)
I'm surprised nobody has mentioned IP over DNS here yet - afterall, it's on /. ;-) http://nstx.dereference.de/nstx/ Is the particular implementation in this instance. - there's some more work there for IDS people ;_) The biggest problem is that without doing bad things to DNS*, you can't stop this from being setup without putting in place a full proxy based firewall. Why ? In order for a packet filter firewall to work, hosts inside need to be able to get outside address information and that's what we need to deny people in order to stop the above. Does this spell the end of packet filtering for high security firewalls ? Darren * - bad things includes filtering out certain types of DNS packets such as TXT records. _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- IP over DNS. Darren Reed (Sep 12)
- Re: IP over DNS. Ryan Russell (Sep 13)
- Re: IP over DNS. Mikael Olsson (Sep 13)
- Re: IP over DNS. Matt Cramer (Sep 13)
- Re: IP over DNS. Darren Reed (Sep 16)
- <Possible follow-ups>
- Re: IP over DNS. Alex Goldney (Sep 13)
- Re: IP over DNS. Darren Reed (Sep 13)
- RE: IP over DNS. Frank Knobbe (Sep 16)
- RE: IP over DNS. Bill_Royds (Sep 18)
- Re: IP over DNS. Darren Reed (Sep 19)