Mailing List Archive


Re: tlug: Re: Test messages: Where's good?



On Wed, 27 Jan 1999, Stephen J. Turnbull wrote:

> On the argument that by hiding the true IP address outsiders can't see 
> an inside box at all, unless the inside box contacts them first?

... and can only talk to the inside box via the socket thus opened. I'm
sure you know the theory behind masq, so I shan't go into it here.

> Then this allows more freedom for outgoing connections from the inside
> boxes?  Sounds dangerous.

Depends on how much one trusts the people behind the firewall, I guess.
The idea of a firewall is to protect the inside machines from outside
attacks, not vice-versa.

"Real" firewalls are a pain in the ass in most circumstances.  They keep
the bad guys out, sure, but they place unreasonable constraints on
legitimate activities (_without_ compiling a socks-aware rsh, try to
access an external CVS repository).  Further, as soon as someone figures
out that ssh can redirect ports then the whole port-blocking scheme is
circumvented.

There's also the firewall-running-in-user-space versus
firewall-running-in-kernel-space argument.

-- Chris

-------------------------------------------------------------------
Next Technical Meeting: February 13 (Sat), 12:30 place: Temple Univ.
** presentation: XEmacs, by Steven Baur and Martin Buchholz
Next Nomikai: March 19 (Fri), 19:30   Tengu TokyoEkiMae 03-3275-3691
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp                     Sponsor: PHT

