[ale] IPSec question
- Subject: [ale] IPSec question
- From: ups at tree.com (Stephan Uphoff)
- Date: Tue Jul 20 13:04:10 2004
- In-reply-to: Message from Geoffrey <[email protected]> of "Tue, 20 Jul 2004 12:22:34 EDT." <[email protected]>
> Stephan Uphoff wrote:
> > Geoffrey wrote:
> >
> >>Because they are supporting the service. Again, you're at their mercy.
> >> Most companies don't permit just anyone vpn type connectivity. Since
> >>you don't 'manage' the firewall in question, you'll have to work with
> >>each company to get ipsec connectivity.
> >
> >
> > But you can tunnel over HTTP/DNS/SMTP/ICMP....... any protocol };-)
> >
> > You can easily leak information through firewalls and even gateways
> > if you control machines on both sides.
>
> You might want to concern yourself with company policies in this area.
> I'll have to admit, my suggestions were assuming you were going to do
> things according to existing policies...
I totally agree ... the answer was still in context of the first
email and assumed a NATed courtesy IP connection.
This was more about showing that solutions exist to supplement missing
functionality of the NAT device .... and then I got a bit carried away ;-)
Stephan