On Sat, 16 Jul 2011, Keith Roberts wrote:
> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: Keith Roberts <keith@xxxxxxxxxxxx>
> Subject: Re: firewall?
>
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
> *snip*
>
>> I wrote about "physical presence *outside* of your network", like if
>> you
>> are on a large WISP that uses bridged network (bad design) and your
>> Wireless client is bridged, and you have single NIC firewall in place,
>> entire WISP's network will be able to sniff your traffic and hack into
>> unprotected workstations/desktops. And there are those scenarios, much
>> more then you can think.
>
> Which is why one poster mentioned that you need to be familiar with
> IPtables and Networking before trying to make your machine(s) network(s)
> secure?
>
> I read some time ago something about tunneling different protocols
> through firewalls? which sounded quite scary.
This is what I was refering to:
Data Driven Attacks Using HTTP Tunneling
"... HTTP Tunneling Example
HTTP tunneling can be used to access ports that are
normally inaccessible from a network. Consider Figure 1
below. The attacker's host is shown on the left with the
target systems on the right. The router at the edge has the
following policies:"
http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
Sounds a bit scary to me, as any website needs to have port
80 open to allow access to that website.
Kind Regards,
Keith Roberts
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
