RE: How to defeat a proxy firewall

Tue, 7 Dec 1999 11:37:47 -0800 

please... not another proxy Vs packet filter flame war... I am too busy and
too tired of hearing this ramble on.  

please go play somewhere else...

> -----Original Message-----
> From: Marc Renner [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, December 06, 1999 12:09 PM
> To:   [EMAIL PROTECTED]
> Subject:      How to defeat a proxy firewall
> 
> I found this a bit interesting, have a look-see, I got it off of : 
> 
> http://www.redhat.com/mirrors/LDP/HOWTO/Firewall-HOWTO-15.html
> 
> Defeating a Proxy Firewall
> 
> Just to spoil your day, and keep you on your toes about security, I'll
> describe how easy it is to defeat a proxy firewall. 
> 
> Lets say you have done everything in this document and have a very secure
> server and network. You have a DMZ and no one can get into
> your network and you are logging every connection made to the outside
> world. You make all your users go through a proxy and the only
> service you allow to go direct to the outside is DNS (port 53). 
> 
> One port, that is all it takes to make a firewall worthless. Here is how
> it is done. 
> 
> Start by setting up a Linux box somewhere outside your LAN. A good choice
> would be a box at home connected to the Internet through a
> cable modem. 
> 
> Ask your ISP for three IP numbers. Most cable companies will provide up to
> three. 
> 
> On this box you need to install the client part of a Virtual Private
> Network (vpn). See: http://sunsite.auc.dk/vpnd/
> 
> Now setup the server side on the VPN with another Linux box. Connect this
> server to it's client through port 53. Turn on routing and
> forwarding and put an unused IP number you got from your ISP on it's LAN
> port. 
> 
> Finally, on a workstation on the private LAN, change the default gateway
> to point to the vpn servers and add the third IP number to it's
> LAN port. 
> 
> Now, from this workstation, you can go anywhere. The only thing the
> firewall admin will see is a really long DNS lookup. 
> 
> Now, take over the world! 
> 
> 
> 
> cheers
> 
> Marc..
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to