Firewall Wizards mailing list archives

RE: IP over DNS.


From: Bill_Royds () pch gc ca
Date: Sun, 17 Sep 2000 17:16:07 -0400






Frank Knobbe <FKnobbe () KnobbeITS com> on 09/14/2000 12:45:56

To:      "'Matt Cramer'" <mscramer () armstrong com>, firewall-wizards () nfr net
cc:      (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject: RE: [fw-wiz] IP over DNS.




<snip>

Afaik, there is no DNS proxy that actually examines the contents of
DNS queries and replies...

Any thoughts on this?

Frank










Some Application Gateway Firewalls, such as Axent Raptor, have DNS proxies that
verify the correctness of the DNS traffic. The Raptor proxy actually acts as a
DNS forwarder, verifying the adherence to the RFCs for all entries (not
allowing characters for hosts or domains outside of the DNS standard). It ensures
that TXT records are 7-bit ASCII, although someone could probably base64-encode
binary to get by it.







_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
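
The two checks described in the reply above, sketched as an added example (not part of the original post and not Raptor's code). It also shows why a 7-bit test alone passes base64-encoded data, and adds a base64-shape heuristic for flagging it; the function names, the 24-character threshold and the sample records are assumptions made for illustration.

```python
import base64
import re

# Host name label syntax per RFC 952/1123: letters, digits, hyphen,
# 1-63 octets, no leading or trailing hyphen.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Heuristic shape of a base64 run; the minimum length of 24 is an assumption.
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def valid_hostname(name: str) -> bool:
    """Reject names with characters or label lengths outside the standard."""
    if name.endswith("."):
        name = name[:-1]  # allow one trailing root dot
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in name.split("."))


def txt_is_7bit(data: bytes) -> bool:
    """The check described in the post: every octet is below 0x80."""
    return all(b < 0x80 for b in data)


def looks_like_base64(data: bytes) -> bool:
    """Heuristic only: long alphanumeric tokens can be false positives."""
    text = data.decode("ascii", errors="replace")
    if len(text) % 4 != 0 or not B64_RE.fullmatch(text):
        return False
    try:
        base64.b64decode(text, validate=True)
    except ValueError:
        return False
    return True


def inspect_txt(data: bytes) -> str:
    if not txt_is_7bit(data):
        return "reject: non-ASCII octet"
    if looks_like_base64(data):
        return "flag: 7-bit clean but base64-shaped"
    return "pass"


# Constructed sample TXT payloads (not taken from real traffic).
SPF = b"v=spf1 include:example.com -all"
RAW = bytes(range(0x80, 0xA0))    # 32 octets of binary, all >= 0x80
ENCODED = base64.b64encode(RAW)   # the same octets after base64 encoding
```

`inspect_txt(RAW)` is rejected by the 7-bit check, while `inspect_txt(ENCODED)` is only caught by the added shape heuristic.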

