In article <9407210641 .
AA22761 @
cwa .
com>, uunet!cwa .
com!dmurphy @
iphase .
com (Dan M
urphy) writes:
> Unless I'm mistaken, archie (and xarchie) use UDP, not TCP. Most of the
> networks belonging to the "anything not permitted is forbidden" school,
> I believe, tend to drop all UDP traffic as inherently insecure.
So, what are the risks of letting UDP thru the firewall onto any
internal machine? We wanted to use SOCKS to proxy (most) everything
so that we can get user accounts off our bastion and deny any
packet not from the bastion from getting in. This does break archie.
I'm told there is a socks-like thing that operates on UDP.
Any thoughts or suggestions on the risks and administration complexity
of allowing UDP in vs using this proxy thing?
Thanks,
--
+========================================================================+
| PATRICK H LARKIN, JR. - System Administrator, Interphase Corp, Dallas |
|>----------------------------------------------------------------------<|
| Internet: PLarkin @
Iphase .
COM | Home: ..uunet!iphase!mustang!patrick |
| Compuserve: "Why?" | MCI-Mail: (forwarded to Compuserve) |
| FaxNet: (214) 919-9200 | Prodigy: "You've GOT to be kidding" |
+========================================================================+
Follow-Ups:
|
|
