On Sun, Apr 22, 2001 at 12:06:19PM +0200, Lars Hallberg wrote:
> So, You lose the *extra* protection of a DMZ, not more (if the users
> inside your firewall are trusted).

Actually there was a malformed-url-attack which allowed a public web page to list a URL which will call the firewall to open an inbound connection if one of your internal users were clicking on that url. This was due to very simple protocol parsing. I think that special case does not work with the iptables exploit but it clearly shows you that you can't expect your users are trusted if they can be tricked to send such data out of your net.

Greetings
Bernd
--
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  [EMAIL PROTECTED]  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

