RE: DNS -vs- the firewall: security thoughts
Joe Ippolito - President SVNPA (joe@joesnet.com)
Thu, 12 Mar 1998 09:30:25 -0800
- Next message: Joseph Judge: "RE: Proxy firewall design."
- Previous message: tqbf@secnet.com: "Re: Proxy firewall design."
- In reply to: Bernhard Schneck: "Re: Proxy firewall design."
- Next in thread: Itai Dor-on: "RE: DNS -vs- the firewall: security thoughts"
I just went to a machine that does not have access through a firewall and
does not have DNS configured but does have the Winsock Proxy client
enabled. I typed ping www.yahoo.com and got:
Reply from 204.71.177.70: bytes=32 time=27ms TTL=246. (MS Proxy is the
only machine that is allowed out).
Am I missing something?
-----Original Message-----
From: Itai Dor-on [SMTP:silicom@netvision.net.il]
Sent: Thursday, March 12, 1998 5:56 AM
To: 'Joe Ippolito - President SVNPA'; 'Bennett Todd'; Bret Watson
Cc: firewall-wizards@nfr.net
Subject: RE: DNS -vs- the firewall: security thoughts
-----Original Message-----
From: Joe Ippolito - President SVNPA [SMTP:joe@joesnet.com]
To: 'Bennett Todd'; Bret Watson
Cc: firewall-wizards@nfr.net
Subject: RE: DNS -vs- the firewall: security thoughts
I use MS Proxy. The clients do not need to be configured for an external
DNS, only the proxy. The proxy does the external lookups for them.
Obviously if they cannot resolve external hosts at all they will not be
able to access anything outside without knowing the IP address.
The clients do need to be configured for an external DNS if they utilize
the Winsock Proxy as its sole function is to relay Winsock 1.1 calls on
behalf of the client initiating the request. The Web Proxy module is a CERN
compatible Proxy agent which fully acts on behalf of the client thus
performing name resolution for the HTTP CERN Type calls. Furthermore, the
Web Proxy module is the only module in the package whose functionality can
be extended by using ISAPI.
Cheers,
Itai Dor-on
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:40 CDT