Re: [Security-Discuss] Re: [discuss] Document

From: Steve (steveszmidt.org)
Date: Fri Jun 11 2004 - 10:01:34 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 11 June 2004 08:50 am, Danny wrote:
> Wow, I wish I could get this many replies to my other email threads...
> Maybe I'll just stick it in here :)
> I'm doing a school project on securing a network of insecure machines
> without doing anything to the client machine (basically by using a
> linux/bsd gateway)
> But I need a good alternative to NAT or SSH tunneling, as NAT is too
> insecure, and SSH tunneling requires too much work to be done on the
> client machine.
> Any ideas? Thanks!
> Danny

I did reply to you. NAT is NOT insecure on a good firewall. They used to be
able to spoof NAT but not these days. Anyone worth anything does not allow
that, or has a method of stopping it. (Which then is usually done by
blocking any Internal address (NAT) if it comes in on the external address.)

Whoever told you NAT is insecure is clueless or not up to date. Tell 'em I
said so.

Now you can take any firewall and by not configuring it properly have an
insecure setup.

BTW, doing firewalls is work. SSH tunneling is easy if you know how. It's a
one line command to add it to f.ex. picking up your email. It does not get
"easier" either. I.e. unless you pay someone to do the work you will have to
do it. Of course ssh is not a firewall either so it will not replace that
function.

Read the other email I sent you.

> P.S. I've removed that comp from the mailing list, and I'll try to
> convince my dad to put AV on it, although I doubt he will.
>
> On Fri, 2004-06-11 at 10:30, Anne Wilson wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Friday 11 June 2004 13:16, Danny wrote:
> > > Well, when all you do is visit the odd website, do your bookwork, and
> > > upgrade the antivirus definitions on a program that is so screwed up
> > > (freedom antivirus - Likes to say my files have a virus that's not
> > > even in its library?!), you don't get many viruses.
> >
> > My granddaughter just uses hers for her college work and a bit of msn
> > chat with her friends. One evening last week she had a batch of 10 -
> > yes 10 - virused emails. That's more mail than she would normally get
> > in a month. They may have been spoofed of course, but they said they
> > were from an address in a local college. I guess one of her friends
> > that is at that college got himself/herself infected.
> >
> > I'll bet she has less exposure than your dad, yet her AV often catches
> > something.
> >
> > Anne
> > - --
> > Registered Linux User No.293302
> > Have you visited http://twiki.mdklinuxfaq.org yet?
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2 (GNU/Linux)
> >
> > iD8DBQFAycIFkFAvMr/nNX8RAk72AJ9H+S9dfZixDMjeaqXOxAUVXfYbrwCfa0E0
> > 23SJCdLzag+QSOijq2F5IaI=
> > =yUiD
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ______________________________________________________________________
> > ____________________________________________________
> > Want to buy your Pack or Services from MandrakeSoft?
> > Go to http://www.mandrakestore.com
> > Join the Club : http://www.mandrakeclub.com
> > ____________________________________________________

- --
Steve

"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
                                Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAyclRljK16xgETzkRArZTAJ9tvA3LsNVBKHAXMiGx9Vux4ubXoQCdHy4y
R4EMoqCv6I+OmGySoQ4iVhU=
=wofO
-----END PGP SIGNATURE-----
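
The anti-spoofing measure described in the reply above (blocking internal NAT addresses that arrive on the external interface) can be audited from a saved ruleset. This is an added example, not part of the original message; it assumes iptables-save format, with eth0 as the external interface and 192.168.1.0/24 as the internal network, both constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format; eth0 is assumed to be the
# external interface and eth1 the internal (NATed) side.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
-A FORWARD -i eth1 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Yield (chain, options, token_count) for each '-A' line."""
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        rest = tokens[2:]  # flag/value pairs for the simple rules matched below
        yield tokens[1], dict(zip(rest[0::2], rest[1::2])), len(rest)

def missing_antispoof(text, ext_if, internal_nets, chains=("INPUT", "FORWARD")):
    """Return (chain, net) pairs lacking an unconditional DROP/REJECT for
    packets arriving on ext_if with a source address inside net."""
    # Limitation: rule order and chain policy are not evaluated; only the
    # presence of an explicit anti-spoofing rule is checked.
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    covered = set()
    for chain, opts, ntokens in parse_rules(text):
        if ntokens != 6 or set(opts) != {"-i", "-s", "-j"}:
            continue  # extra matches or negation: not an unconditional rule
        if opts["-i"] != ext_if or opts["-j"] not in ("DROP", "REJECT"):
            continue
        src = ipaddress.ip_network(opts["-s"], strict=False)
        for net in nets:
            if net.version == src.version and net.subnet_of(src):
                covered.add((chain, str(net)))
    return [(c, str(n)) for c in chains for n in nets
            if (c, str(n)) not in covered]

if __name__ == "__main__":
    for chain, net in missing_antispoof(SAMPLE_RULES, "eth0", ["192.168.1.0/24"]):
        print(f"no anti-spoof rule in {chain} for {net} on eth0")
```
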