I found this a bit interesting, have a look-see, I got it off of:

http://www.redhat.com/mirrors/LDP/HOWTO/Firewall-HOWTO-15.html

Defeating a Proxy Firewall

Just to spoil your day, and keep you on your toes about security, I'll describe how 
easy it is to defeat a proxy firewall. 

Let's say you have done everything in this document and have a very secure server and network. You have a DMZ and no one can get into your network and you are logging every connection made to the outside world. You make all your users go through a proxy and the only service you allow to go direct to the outside is DNS (port 53).

One port, that is all it takes to make a firewall worthless. Here is how it is done. 

Start by setting up a Linux box somewhere outside your LAN. A good choice would be a box at home connected to the Internet through a cable modem.

Ask your ISP for three IP numbers. Most cable companies will provide up to three. 

On this box you need to install the client part of a Virtual Private Network (vpn). 
See: http://sunsite.auc.dk/vpnd/

Now set up the server side on the VPN with another Linux box. Connect this server to its client through port 53. Turn on routing and forwarding and put an unused IP number you got from your ISP on its LAN port.

Finally, on a workstation on the private LAN, change the default gateway to point to the vpn servers and add the third IP number to its LAN port.

Now, from this workstation, you can go anywhere. The only thing the firewall admin 
will see is a really long DNS lookup. 

Now, take over the world! 



cheers

Marc..
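
For the defender, the "really long DNS lookup" mentioned in the quoted text is the observable signal. The Python below is an added example, not part of the original post or the HOWTO: it flags port-53 traffic whose duration, volume or destination does not look like name resolution. The flow-record fields, thresholds and approved-resolver list are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not from the post); documentation address ranges.
SAMPLE_FLOWS = """src,dst,proto,dport,duration_s,bytes_out,bytes_in
10.0.0.15,192.0.2.53,udp,53,0.04,74,158
10.0.0.15,192.0.2.53,udp,53,0.03,68,212
10.0.0.22,192.0.2.53,tcp,53,0.40,310,4100
10.0.0.87,203.0.113.9,udp,53,5400.0,18200344,91550210
10.0.0.87,203.0.113.9,udp,53,3600.0,9100200,40210888
10.0.0.31,198.51.100.7,udp,53,0.05,70,140
"""

APPROVED_RESOLVERS = {"192.0.2.53"}  # assumption: resolvers the site permits
MAX_DURATION_S = 60.0                # assumption: a real lookup ends well before this
MAX_BYTES = 1_000_000                # assumption: per-pair byte budget for the window


def suspicious_dns_flows(flow_csv):
    """Return {(src, dst): [reasons]} for port-53 traffic that is not lookup-shaped."""
    totals = defaultdict(lambda: {"bytes": 0, "longest": 0.0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dport"] != "53":
            continue
        pair = totals[(row["src"], row["dst"])]
        pair["bytes"] += int(row["bytes_out"]) + int(row["bytes_in"])
        pair["longest"] = max(pair["longest"], float(row["duration_s"]))

    findings = {}
    for (src, dst), pair in totals.items():
        reasons = []
        if dst not in APPROVED_RESOLVERS:
            reasons.append("destination is not an approved resolver")
        if pair["longest"] > MAX_DURATION_S:
            reasons.append(f"flow lasted {pair['longest']:.0f}s")
        if pair["bytes"] > MAX_BYTES:
            reasons.append(f"{pair['bytes']} bytes exchanged")
        if reasons:
            findings[(src, dst)] = reasons
    return findings


if __name__ == "__main__":
    for pair, reasons in suspicious_dns_flows(SAMPLE_FLOWS).items():
        print(pair, "; ".join(reasons))
```

Restricting outbound port 53 to the approved resolvers at the firewall removes the direct path the text relies on; the check above then covers what still reaches those resolvers.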
