Re: firewall?




On Sat, 16 Jul 2011, Keith Roberts wrote:

> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: Keith Roberts <keith@xxxxxxxxxxxx>
> Subject: Re:  firewall?
> 
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
> *snip*
>
>>  I wrote about "physical presence *outside* of your network", like if
>>  you
>>  are on a large WISP that uses bridged network (bad design) and your
>>  Wireless client is bridged, and you have single NIC firewall in place,
>>  entire WISP's network will be able to sniff your traffic and hack into
>>  unprotected workstations/desktops. And there are those scenarios, much
>>  more than you can think.
>
> Which is why one poster mentioned that you need to be familiar with 
> IPtables and Networking before trying to make your machine(s) network(s) 
> secure?
>
> I read some time ago something about tunneling different protocols 
> through firewalls? which sounded quite scary.

This is what I was referring to:

Data Driven Attacks Using HTTP Tunneling

"... HTTP Tunneling Example

HTTP tunneling can be used to access ports that are 
normally inaccessible from a network. Consider Figure 1 
below. The attacker's host is shown on the left with the 
target systems on the right. The router at the edge has the 
following policies:"

http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling

Sounds a bit scary to me, as any website needs to have port 
80 open to allow access to that website.

Kind Regards,

Keith Roberts

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

