Re: ipsec vs. firewalls
> Also, you already are in trouble if your security policy allows outgoing
> connections for protocols which can be used to tunnel other
> protocols/applications inside (And there are a *lot* of them).
I think this is an unwinnable war. I've heard of examples of tunnels
running over WWW, DNS, ICMP, etc., etc., etc.
If you let *any* non-trivial protocol through your firewall, it will
be possible for someone with sufficient cleverness to tunnel any other
protocol through it.
- Bill