Thanx. I will be adding the Cisco 2514 to the test configuration.
Yehuda
***************
Yehuda G. Hahn
Technical Director
Focus Lion Communications, Ltd.
6 Yannai Street, Suite 1
Jerusalem
Israel
Tel. +972 2-622-1352
Fax. +972 2-622-1289
E-mail: ygh @ cfsnet . com
URL: http://www.eye-on.co.il/
-----Original Message-----
From: Todd Graham Lewis [SMTP:lists @ reflections . mindspring . com]
Sent: Wednesday, December 11, 1996 9:07 AM
To: Yehuda G. Hahn
Cc: 'firewalls @ greatcircle . com'
Subject: RE: Is NT really that bad?
On Wed, 11 Dec 1996, Yehuda G. Hahn wrote:
> My concern therefore downshifts to
> the original question: As of December 1996, is there any known way of
> subverting an NT firewall that has port 443 open incoming and no
> outgoing ports, where such way is not possible under UNIX?
Not that I'm aware of, but for a simple packet filter, I would trust:
a router such as a cisco 2514 with two ethernet ports. Why? That IP code
has been through the most God-awful pounding anyone has ever put IP code
through, and it works. Packet filters under cisco are about the most
trusted way to do packet filters, and as long as you put an access list on
telnet access to the cisco itself, you're fine.
(Wow, I didn't even mention IPFWADM... Doh!)
__
Todd Graham Lewis Linux! Core Engineering
Mindspring Enterprises tlewis @ mindspring . com (800) 719 4664, x2804