[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vs. firewalls

To: smb@research.att.com
Subject: Re: ipsec vs. firewalls
From: Phil Karn <karn@qualcomm.com>
Date: Wed, 6 May 1998 23:11:10 -0700 (PDT)
CC: ipsec@tis.com, karn@qualcomm.com
In-reply-to: <199805070458.AAA10739@smb.research.att.com> (message from SteveBellovin on Wed, 06 May 1998 20:12:03 -0700)
Sender: owner-ipsec@ex.tis.com

This is hardly unique to IPSEC. SSH can already do something very
similar, albeit limited to TCP. I've already used it to work around
the annoying firewall that keeps me from logging in directly to my
office workstation from home over a cable modem:

(on office workstation)

ssh -x -f -c blowfish -R1234:127.0.0.1:22 ip_address_of_home_system sleep 1000000

(on home machine)

ssh -p 1234 127.0.0.1

It's not as clean as I would like, but it works. I used it heavily
until I got an ADSL service installed that brought me in behind the
firewall.

>Finally, I suspect that some people will regard anything that
>cripples firewalls as a feature.  With all due respect, I tend
>to differ...

(rising to the bait) Firewalls are dead. Get used to it. :-)

Phil

Follow-Ups:

Re: ipsec vs. firewalls

From: Damien Wetzel <dwetzel@iway.fr>

Re: ipsec vs. firewalls

From: Bill Manning <bmanning@isi.edu>

References:

ipsec vs. firewalls

From: Steve Bellovin <smb@research.att.com>

Prev by Date: RE: [Karen Seo: Thomas Narten -- clarification, etc.]
Next by Date: Re: ipsec vs. firewalls
Prev by thread: ipsec vs. firewalls
Next by thread: Re: ipsec vs. firewalls
Index(es):
- Main
- Thread