Definitely! Can't see hoe to avoid this. Beats any other DNS schemes,
imho, that is!
Jean
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Brian Steele
> >Sent: Monday, December 06, 1999 10:11 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: How to defeat a proxy firewall
> >
> >
> >In fact, I would've thought setting up a caching server like
> >this formed a
> >basic part of any secure installation...
> >
> >Brian Steele
> >
> >----- Original Message -----
> >From: Charles Windom <[EMAIL PROTECTED]>
> >To: 'Mullen, Patrick' <[EMAIL PROTECTED]>; 'Marc Renner'
> ><[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> >Sent: Monday, 06 December, 1999 8:16 PM
> >Subject: RE: How to defeat a proxy firewall
> >
> >
> >> Exactly right !!!
> >>
> >>
> >> -----Original Message-----
> >> From: Mullen, Patrick [mailto:[EMAIL PROTECTED]]
> >> Sent: Monday, December 06, 1999 11:01 AM
> >> To: 'Marc Renner'; [EMAIL PROTECTED]
> >> Subject: RE: How to defeat a proxy firewall
> >>
> >>
> >> > Finally, on a workstation on the private LAN, change the
> >> > default gateway to point to the vpn servers and add the third
> >> > IP number to it's
> >> > LAN port.
> >> >
> >> > Now, from this workstation, you can go anywhere. The only
> >> > thing the firewall admin will see is a really long DNS lookup.
> >>
> >> An obstacle easily defeated by setting up your own
> >> caching name server inside your network and disallowing
> >> all traffic from anyone to the outside world, including
> >> DNS, except from your caching nameserver.
> >>
> >> If interested, the DNS-HOWTO explains this very well.
> >> http://www.redhat.com/mirrors/LDP/HOWTO/DNS-HOWTO.html
> >>
> >>
> >>
> >> ~Patrick
> >
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
> >
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
