[rc5] Suggestions

Eric Bravick ebravick at gte.net
Fri Jun 13 19:45:40 EDT 1997


Donald J. Rude wrote:
> 
> Adam B. Roach wrote:
> >
> > Second, you may want to set up some proxies that communicate
> > with HTTP.
> 
> > have a non-SOCKS firewall in place, with a web proxy available.
> 
>         I think what you mean is... communicate VIA port 80.  The protocol used
> over that port is insignificant.  Why not move a computer outside the
> firewall (or get a shell account somewhere) and run a proxy on said
> computer that listens on port 80?  The only trick then is that you need
> SU priv on a Unix based system to listen to port 80.  Perhaps a simple
> WIN95 box outside the firewall?

  Not to answer for Adam (I'm sure he can do that himself) but I think
you've missed his point.  Many people work at companies/organizations
with a large amount of processor power that lives inside a firewall on
production machines/networks.  I know I do!  Moving them is not only
"not an option" but is strictly prohibted by security and network
policy.
  On the port 80 issue, it very much DOES matter what the protocol is
and that the protocol "behaves" properly.  Most "proxy mode" firewalls
do some flavor of application layer scrubbing, and won't allow just
anything to pass in and out.  They listen on a port for a specific
protocol, and even make sure that all of those protocol communications
are by the spec, or it dumps them.

-- 
--------------------------------------------------
--    Eric Bravick, Engineer/Shock Trooper	--
---       Networked Knowledge Systems 	       ---
----  (813)887-5674 Voice (813)884-4815 Fax   ----
-----           ebravick at gte.net             -----
--------------------------------------------------

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzNwsvkAAAEEAKWjuaEx/egcAQoxjVZElyuAnloID7TnOmbkAei7oGgg9C6b
NLTjYr6ZOYEw+M4l5Blc301sIUYJuq551/ziQub/CHFPm/xH5l8ZSrc5SxTqP/9d
O4p2WrKlOi5yz/KJJThTQB4t8IFp30TScfSMNhwbZ0uUynR1GkR06NntCquNAAUR
tB9FcmljIEJyYXZpY2sgPGVicmF2aWNrQGd0ZS5uZXQ+
=gdVZ
-----END PGP PUBLIC KEY BLOCK-----
----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list