[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vs. firewalls

To: Phil Karn <karn@qualcomm.com>
Subject: Re: ipsec vs. firewalls
From: Steve Bellovin <smb@research.att.com>
Date: Thu, 07 May 1998 07:09:29 -0400
cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

	 This is hardly unique to IPSEC. SSH can already do something very
	 similar, albeit limited to TCP. I've already used it to work around
	 the annoying firewall that keeps me from logging in directly to my
	 office workstation from home over a cable modem:
	 
	 (on office workstation)
	 
	 ssh -x -f -c blowfish -R1234:127.0.0.1:22 ip_address_of_home_system sl
	eep 1000000
	 
	 (on home machine)
	 
	 ssh -p 1234 127.0.0.1
	 
	 It's not as clean as I would like, but it works. I used it heavily
	 until I got an ADSL service installed that brought me in behind the
	 firewall.

The difference is that the ssh case implies bad faith on the part
of the authorized inside user.  The ipsec case does not.

Prev by Date: Re: ipsec vs. firewalls
Next by Date: question about tunnel mode
Prev by thread: Re: ipsec vs. firewalls
Next by thread: RE: ipsec vs. firewalls
Index(es):
- Main
- Thread