Great Circle Associates Firewalls
(June 1997)
 


Subject: why this should not work a gateway/proxy/firewall ???
From: "Alexandre CHERIF" <Alexandre . Cherif @ videopole . fr>
Date: Thu, 26 Jun 1997 15:11:27 +0200
To: <firewalls @ greatcircle . com>

Hi,

I'm new to firewall technology; I know a little bit about it, but not very much. One month ago, I had an idea (that is probably stupid), and I can't find why this shouldn't work.

Say there is a network, 194.1.1.0, and let's say that this network has a gateway at 194.1.1.1. All machines have a default gateway of 194.1.1.1. This network must be protected via a firewall machine, in this example 194.1.1.1.

If I wish not to care about what services I would use, and don't want to install all the mandatory ones (ftp, www, ...)

Why does nobody think to get the message sent from the host to the gateway (like a router), take the packet, rewrite its address with its own, send the packet to the remote host, open a fake server (depending on the tcp, udp, icmp source packet) and then, when the remote host sends its response, rewrite the end-user address as its destination??

My example should work with all services, because it's "virtually" connected to the internet, and even if the local application doesn't understand what a SOCKS proxy is, it just forwards the normal packet to the gateway like in the "connected way".

I hope it's clear; it is for me. It might be too simple, in my own opinion, to not have been made since, but I can figure out why it's impossible :(((



If a firewall guru can/would explain to me why, or why not, it's not gonna work ..

Regards

PS: I assume (should be read as "I don't know") if a gateway or a router opens a port to listen for packets; I should say too that I don't know how packets are transmitted via a router/gateway.

--------------------------------------------------------------------------------
L'histoire de l'humanité devient de plus en plus une course entre l'éducation et la catastrophe.
(Human history becomes more and more a race between education and catastrophe.)
Wells (Herbert George), The Outline of History, 15.
--------------------------------------------------------------------------------
Alexandre CHERIF
VIDEOPOLE
Tel.: 01 44 69 88 63
Fax: 01 44 69 93 30
mail: alexandre . cherif @ videopole . fr
--------------------------------------------------------------------------------
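
The address rewriting the post describes, sketched as an added example that is not part of the original message: a hypothetical `RewritingGateway` keeps a table of outbound flows so each reply can be sent back to the right host, and a packet that matches no flow is dropped. The host and remote addresses, the port range and all names are assumptions; only 194.1.1.1 comes from the post.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class RewritingGateway:
    """Hypothetical gateway that rewrites addresses as the post describes."""

    def __init__(self, own_ip: str, first_port: int = 40000):
        self.own_ip = own_ip
        self.next_port = first_port
        self.out_map = {}  # inside flow -> port the gateway uses on its own address
        self.in_map = {}   # (proto, gateway port, remote ip, remote port) -> inside (ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Host -> remote: replace the source with the gateway's address and a fresh port."""
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[flow] = port
            self.in_map[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.own_ip, sport=self.out_map[flow])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Remote -> gateway: restore the end-user address, or drop if no flow matches."""
        inside = self.in_map.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if pkt.dst != self.own_ip or inside is None:
            return None
        return replace(pkt, dst=inside[0], dport=inside[1])

def demo():
    # Constructed sample traffic; 194.1.1.1 is the gateway from the post,
    # the host and remote addresses are made up for illustration.
    gw = RewritingGateway("194.1.1.1")
    a = gw.outbound(Packet("tcp", "194.1.1.10", 1025, "192.0.2.80", 80))
    b = gw.outbound(Packet("tcp", "194.1.1.11", 1025, "192.0.2.80", 80))
    reply = gw.inbound(Packet("tcp", "192.0.2.80", 80, "194.1.1.1", b.sport))
    stray = gw.inbound(Packet("tcp", "198.51.100.7", 80, "194.1.1.1", b.sport))
    return a, b, reply, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Two inside hosts using the same source port get distinct gateway ports, which is what lets the reply be routed back to the second host, while the packet from an address that was never contacted is dropped.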


