Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] [fw-1] Instant Messenger bypass FW-1

To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
From: Russell Washington <[email protected]>
Date: Thu, 13 Jun 2002 13:14:40 -0700
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

So we're talking about utlizing proxy functionality, not (in reference to
the post from Dimitri that actually prompted the reply you're quoting me
from) firewall functionality, as I think *he* was describing.

Right?

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Thursday, June 13, 2002 11:49 AM
To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1


> I don't mess with custom services much but if you're talking about
> diddling with this at the port level, AIM doesn't have any port
> dependencies that render it unique from other traffic.  Kill one and
> it goes looking for another, usually something well-defined like SMTP,
> Telnet, DNS, yadda yadda. While your point about denying everything
> unless "absoluely needed" is well taken, the point is that AIM will
> piggyback on one of those "absolutely needed" ports and at that point
> your only option is to blackhole the login servers.
The idea with absolutely needed services, is that clients on your network
never talk to external systems directly. Internal systems can only talk to
an internal DNS server, mail server or web proxy. Those servers are then the
ones that connect out to the Internet. As a result, software running on the
local client can never get out (The pre-requisite being a properly
configured proxy).

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
  - From: Don <[email protected]>

Prev by Date: [FW-1] AW: [FW-1] Connecting 2 ISP's with Cisco 2611 and a hub
Next by Date: [FW-1] AW: [FW-1] ipsec between cisco1720 and NG FP1 running on solaris8
Previous by thread: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
Next by thread: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
Index(es):
- Date
- Thread