Firewall Wizards mailing list archives
Re: The Outgoing Traffic Problem
From: ArkanoiD <ark () eltex net>
Date: Wed, 19 Jul 2006 17:25:28 +0400
nuqneH, Yep, the http problem it is basically stateless and consists of a zillion of short-living connections. You may, however, invent some referer/cookie black magic, but it is, actually, security through obscurity - if that thing could be widespread to some extent, i am sure trojans could happily piggyback that method. I have an http authentication system that works like "the user is authenticated while telnet (don't worry, there are SSL and IPSEC) session to authntication agent is active", but its shortcomings are obvious. On Tue, Jul 18, 2006 at 05:12:45PM -0400, Paul D. Robertson wrote:
On Tue, 18 Jul 2006, Marcus J. Ranum wrote:Sigh. ANY authentication would be better than none at all.So now we're back to a conversation that I recall having several times in 1992/3: that outgoing connections should be authenticated as "belonging" to a real human behind a keyboard before they are allowed. I remember Fred and I floated that idea to a few customers (including folks who were considered to be very sophisticated, in terms of security) and getting blank stares in response.Been there, done that, broke the Gauntlet. Authentication for HTTP didn't scale.
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: The Outgoing Traffic Problem Mike Barkett (Jul 17)
- Re: The Outgoing Traffic Problem lordchariot (Jul 17)
- Re: The Outgoing Traffic Problem Marcus J. Ranum (Jul 18)
- Re: The Outgoing Traffic Problem Paul D. Robertson (Jul 18)
- Re: The Outgoing Traffic Problem Paul D. Robertson (Jul 18)
- Re: The Outgoing Traffic Problem ArkanoiD (Jul 20)
- Re: The Outgoing Traffic Problem Marcus J. Ranum (Jul 19)
- Re: The Outgoing Traffic Problem Devdas Bhagat (Jul 19)
- Re: The Outgoing Traffic Problem Marcus J. Ranum (Jul 19)
- Re: The Outgoing Traffic Problem Marcus J. Ranum (Jul 18)
- Re: The Outgoing Traffic Problem lordchariot (Jul 17)
- <Possible follow-ups>
- Re: The Outgoing Traffic Problem vern (Jul 18)
- Re: The Outgoing Traffic Problem Fetch, Brandon (Jul 27)
- Re: The Outgoing Traffic Problem Paul D. Robertson (Jul 27)