Then you're stuck with setting up reverse proxies for those services.

Walter

On Sat, Jul 12, 2014 at 6:56 PM, Blake Cornell <bcorn...@integrissecurity.com> wrote:

> It's a TCP traceroute, not UDP nor ICMP. I need to provide TCP based
> services.
>
> I would prefer staying within the framework of the interface or nominal
> BSD magic.
>
> --
> Blake Cornell
> CTO, Integris Security LLC
> 501 Franklin Ave, Suite 200
> Garden City, NY 11530 USA
> http://www.integrissecurity.com/
> O: +1(516)750-0478
> M: +1(516)900-2193
> PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572
> Free Tools: https://www.integrissecurity.com/SecurityTools
> Follow us on Twitter: @integrissec
>
> On 07/12/2014 09:54 PM, Chris Buechler wrote:
>
> I don't see the point. If you don't want people to see the path, don't
> allow traceroute in (or stop it after the first NAT). If you do, what do
> you care if the layers of NAT can be enumerated. If anything even remotely
> useful to an attacker can be done to your network because someone knows how
> many layers of NAT you have, you have a lot bigger problems than showing
> that in a traceroute.
>
> pf scrub does have a min-ttl option but it's not one that's exposed
> anywhere in the GUI and would require changing the source to use. Not
> something I've ever seen a real need to use.
>
> On Thu, Jul 10, 2014 at 4:51 PM, Blake Cornell <bcorn...@integrissecurity.com> wrote:
>
>> I would put it on a report as an issue.. furthermore... .... no
>> comment....
>>
>> On 07/10/2014 05:29 PM, Walter Parker wrote:
>>
>> I disagree that this is a vulnerability/weakness. If this is truly your
>> only issue with the network, I'd call it good and done if you are not the
>> DOD/NSA.
>>
>> If you are, then you need to start again with an even more secure
>> foundation.
>>
>> Walter
>>
>> On Thu, Jul 10, 2014 at 2:25 PM, Blake Cornell <bcorn...@integrissecurity.com> wrote:
>>
>>> There is a reason for it. It works well except for this ONE issue.
>>>
>>> I like setting up 0 vulnerability/weakness networks. This is the only
>>> one minus presentation/application issues.
>>>
>>> Thank you both for your input. I'll touch base when I determine a
>>> resolution strategy.
>>>
>>> On 07/10/2014 01:49 PM, James Bensley wrote:
>>> > Further to what Walter has said - Double NAT....Boooooooo!
>>> > _______________________________________________
>>> > List mailing list
>>> > List@lists.pfsense.org
>>> > https://lists.pfsense.org/mailman/listinfo/list
>>
>> --
>> The greatest dangers to liberty lurk in insidious encroachment by men of
>> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
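An added example, not part of the thread and not pfSense or pf code: a constructed Python model of the `min-ttl` normalisation mentioned in the quoted reply, showing which hops still answer a TTL-limited probe once the edge firewall raises low TTLs. The hop names, the helper functions and the assumption that every NAT layer is a routed hop that decrements TTL are illustrative.

```python
# Constructed model: a router that receives a forwarded packet with TTL <= 1
# drops it and answers with ICMP time-exceeded, which is what reveals the hop.
PATH = ["isp-router", "edge-fw", "nat-2", "nat-3"]  # constructed hop names
DEST = "tcp-service"                                 # constructed destination


def probe(path, ttl, scrub_hop=None, min_ttl=0):
    """Return the node that answers a probe sent with the given initial TTL."""
    for hop in path:
        if hop == scrub_hop:
            # Assumption: inbound normalisation runs before the forwarding
            # decision, so a low TTL is raised before it can expire here.
            ttl = max(ttl, min_ttl)
        if ttl <= 1:
            return hop      # TTL expired: this hop identifies itself
        ttl -= 1            # forwarded, TTL decremented
    return DEST             # packet reached the service


def trace(path, scrub_hop=None, min_ttl=0, max_probes=30):
    """Responders for initial TTL 1, 2, ... until the destination answers."""
    seen = []
    for ttl in range(1, max_probes + 1):
        who = probe(path, ttl, scrub_hop, min_ttl)
        seen.append(who)
        if who == DEST:
            break
    return seen


def hidden_hops(path, scrub_hop, min_ttl):
    """Hops visible without normalisation that no longer answer with it."""
    after = trace(path, scrub_hop, min_ttl)
    return [hop for hop in trace(path) if hop not in after]


if __name__ == "__main__":
    print("no min-ttl :", trace(PATH))
    print("min-ttl 64 :", trace(PATH, "edge-fw", 64))
    # Failure mode: a min-ttl no larger than the number of hops behind the
    # firewall hides only the firewall; the inner NAT layers still answer.
    print("min-ttl 2  :", trace(PATH, "edge-fw", 2))
```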