"Hummel, Timo" <[EMAIL PROTECTED]> on Fri, 8 Oct 1999 13:37:38 +0200
(on HTTP tunneling - sending IP via HTTP protocol to bypass firewall)
> The only problem might be security issues, but at least it
> should work, and if both the client and server are using
> data encryption, it should be safe to a certain level.
Since there were mails saying that HTTP tunneling was done
(two independent programs), it was possibly solved, but let
me say a few words: the idea of a firewall is to prevent
receiving packets from programs written by some malicious
people (just lately some hackers bypassed the protection of
some Linux hosts in our net - they used bugs which were in
imapd, rpc.mountd, wu.ftpd), and if such a server simply
forwards all packets matching an IP address on the other
side, it will be an open door for hackers; therefore such
access should be enabled on, say, a WWW page: one accesses
the page, enters some password, and says he needs a
connection to some address, and the tunneling is limited to
this address only. It is highly unlikely for a hacker to
attack just from the host accessed.
(We saw a hacker use several IP addresses during his actions,
probably to make it harder to find a correlation between them.)
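The access scheme described in the message above (a password entered on a page, a requested address, tunneling limited to that address only), as an added example that is not part of the original mail or of either tunneling program. The names `TunnelGate`, `login`, `may_forward` and `sample_packet`, the PBKDF2 password store and the 600-second grant lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct
import time


class TunnelGate:
    """HTTP-tunnel gate: one password login grants one destination."""

    def __init__(self, users, ttl=600):
        self.users = users    # name -> (salt, PBKDF2 hash); assumed store
        self.ttl = ttl        # seconds a grant stays valid (assumed policy)
        self.grants = {}      # token -> (destination, expiry time)

    @staticmethod
    def hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, user, password, destination, now=None):
        """Return a token bound to `destination`, or None on bad login."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        # Hash even for unknown users and compare in constant time.
        if not hmac.compare_digest(self.hash_password(password, salt), stored):
            return None
        token = os.urandom(16).hex()
        self.grants[token] = (ipaddress.IPv4Address(destination), now + self.ttl)
        return token

    def may_forward(self, token, packet, now=None):
        """True only for an IPv4 packet addressed to the granted host."""
        now = time.time() if now is None else now
        grant = self.grants.get(token)
        if grant is None or now > grant[1]:
            self.grants.pop(token, None)   # drop unknown or expired grants
            return False
        if len(packet) < 20 or packet[0] >> 4 != 4:
            return False                   # truncated or not IPv4: refuse
        return ipaddress.IPv4Address(packet[16:20]) == grant[0]


def sample_packet(src, dst):
    """Constructed 20-byte IPv4 header for the demo (checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
```

The check covers only the client-to-destination direction of the tunnel; return traffic would need the matching test on the source address.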