Firewall Wizards mailing list archives
RE: DNS -vs- the firewall: security thoughts
From: "Joe Ippolito - President SVNPA" <joe () joesnet com>
Date: Thu, 12 Mar 1998 09:30:25 -0800
I just went to a machine that does not have access through a firewall and does not have DNS configured but does have the Winsock Proxy client enabled. I typed ping www.yahoo.com and got: Reply from 204.71.177.70: bytes=32 time=27ms TTL=246. (MS Proxy is the only machine that is allowed out). Am I missing something? -----Original Message----- From: Itai Dor-on [SMTP:silicom () netvision net il] Sent: Thursday, March 12, 1998 5:56 AM To: 'Joe Ippolito - President SVNPA'; 'Bennett Todd'; Bret Watson Cc: firewall-wizards () nfr net Subject: RE: DNS -vs- the firewall: security thoughts -----Original Message----- From: Joe Ippolito - President SVNPA [SMTP:joe () joesnet com] To: 'Bennett Todd'; Bret Watson Cc: firewall-wizards () nfr net Subject: RE: DNS -vs- the firewall: security thoughts I use MS Proxy. The clients do not need to be configured for an external DNS only the proxy. The proxy does the external lookups for them. Obviously if they cannot resolve external hosts at all they will not be able to access anything outside without knowing the IP address. The clients do need to be configured for an external DNS if they utilize the Winsock Proxy as it's sole function is to relay Winsock 1.1 calls on behalf of the client initiating the request. The Web Proxy module is a CERN compatible Proxy agent which fully acts on behalf of the client thus performing name resolution for the HTTP CERN Type calls. Furthermore The Web Proxy module is the only module in the package whose functionality can be extended by using ISAPI. Cheers, Itai Dor-on
Current thread:
- Re: Firewall Audit Programme/checklist, (continued)
- Re: Firewall Audit Programme/checklist Chad Schieken (Mar 16)
- Re: Firewall Audit Programme/checklist Bret Watson (Mar 17)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 17)
- Re: Firewall Audit Programme/checklist blast (Mar 17)
- Re: Firewall Audit Programme/checklist tqbf (Mar 16)
- Re: Firewall Audit Programme/checklist kant (Mar 16)
- Re: DNS -vs- the firewall: security thoughts Bennett Todd (Mar 12)