>>>>> "Yasin" == Yasin Shaikh <yshaikh @
nesbittburns .
ca> writes:
Yasin> Does any one know where I can locate a socksified ping for
Yasin> Sunos/Solaris ? This will help us monitor our router link to ISP
Yasin> from our secure segment using the firewall which allows socksified
Yasin> connections only .
You can't SOCKSify ping, since SOCKS (version 4) only does TCP, and ping
works with ICMP. Even SOCKS version 5 won't be handling ICMP, if you
believe the draft RFC that comes with it:
The protocol described here is designed to provide a framework for
client-server applications in both the TCP and UDP domains to
conveniently and securely use the services of a network firewall.
The protocol is conceptually a "shim-layer" between the application
layer and the transport layer, and as such does not provide
network-layer gateway services, such as forwarding of ICMP
messages.
Our solution was to build a separately tunnelled ping client that fired up
a small, isolated, non-root daemon on a machine in the DMZ. The daemon
simply runs `ping' and sends the output back to the client. If you don't
want to run the daemon on the bastion, you can place it on a machine in the
DMZ and SOCKSify the client, since the client uses TCP to get to the
daemon. You're welcome to the package; it's available on our web server:
ftp://ftp.telebase.com/pub/security/rping-1.2.tar.gz
----
Brian Clapper, bmc @
telebase .
com, http://www.netaxs.com/~bmc/
"The warning message we sent the Russians was a calculated ambiguity
that would be clearly understood."
-- Alexander Haig
|
|
