OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: Hackers Out of Business?

Re: Hackers Out of Business?

jeromie (jeromiemmp.com)
Fri, 14 Oct 94 10:10:32 PDT

>   Sure, sounds secure, but not very useful. I happen to like things like
> mbone, name resolution, nfs mounting internet archives, talk, the variety of 
> games that require UDP, FSP, etc.
> 

Name Resolution can be used fine though a firewall, just takes a little of coaxing.  Reguarding MBONE & NFS, well hopefully we all know their inherent risks, and you obviously put funtionality before security.  Other companies security
policies may differ.

> > 	The product seems pretty good from what I've read thus far.
> 
>   Well, then Winn suckered you in. :-) Just be warned, you can duplicate
> perhaps 98% of the functionality for free, and it won't even require
> any programming. In fact, you can probably get more functionality,
> since I'm sure UDP proxies exist.
> 

	Yes, you can duplicate just about everything it's doing, other than 
packet filtering based on the data content (as far as I know, no public package is available to do that).  I would also agree you could get more functionality
if you're putting together your own homebrew of security remedies.

>   Well, you're confusing public recognition with knowledge. SCTC is
> probably more well known in their (DoD?) circles than Ches or Bellovin.
> Besides, AT&T may have a grudge. :-)
> 

    Yes, obviously SCTC would be a much better evaluator.