Great Circle Associates Firewalls
(August 1997)
 


Subject: Re: FWTK proxys and ...
From: William Cooper <cooper @ io . com>
Date: Thu, 31 Jul 1997 23:07:16 -0500 (CDT)
To: "Joseph S. D. Yao" <jsdy @ cospo . osis . gov>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9707311822 . AA14080 @ relay2 . cospo . osis . gov>

On Thu, 31 Jul 1997, Joseph S. D. Yao wrote:

> > someone in my company wrote 2 applications called pftp and ptelnet that
> > use the application proxy to establish a secure FTP or telnet connection
> > in one step.  just type 'ptelnet domain.com' and you'll telnet thru the
> > proxy.  it's been ported by others for use on unixware, solaris, linux (i
> > think) and others.  if int. i can try and get the source code, or if it's
> > proprietary at least some further information.  much easier than doing 2
> > steps and no one has to be given a login to the proxy.
> 
> While this is a nice thing to do ... why would anyone ever have had to
> have an account on the proxy host?  You don't need one to use tn-gw and
> ftp-gw!  Get those accounts off the proxy host - they're diminishing
> your security!

Well that's a question lots of ppl are probably asking because you got a
little snip happy and cut out the following section of the orig. email i
was responding to in which someone suggested telnetting to the firewall
(thus req. an acct./login-passwd) and then telnetting from the firewall
out... shame on you.

> I haven't looked at your configuration, because you can't do either of
> these things using the TIS FWTK.  In both cases, you must connect to
> the firewall bastion host (using 'telnet' or 'ftp', or your commercial
> product that uses those products), and from there connect out to the
> Internet host that you want to reach.

i wasn't advocating giving users acct.s on the firewall by any means, i'm
with you on that.


> Having said that ... can you send me pointers to the source code for
> the various ports?

man they've got binaries ported to AIX, SGI, linux, unixware, irix, vms,
and some others i didn't even recognize.  besides that there's a whole
suite of them, they call it 'proxy tools.' the p in front of these stands
for proxy as the apps work transparently thru the proxy server, there's
pftp, pfinger, pwhois, ptelnet, prlogin and some others i'm forgetting.
the one readme i found said copyright Univ. of Calif. 1988 or something
but the network guys swear the stuff is proprietary and was just based on
that orig. code long ago.  i think there's some info on the apps on the
web and i'm trying to get my hands on the docs for anyone who wants them
but i'm really not sure what i'll be able to come up w/.  i'll keep trying
for a while and let you know.

on a side note, sure they've got all these fancy proxy tools, and they
don't even have /bin/bash!


- bill

cooper @ io . com

======================================================
My .sig: 7-2-97

"...  I had to choose between an honest arrogance and a hypocritical humility, 
and I deliberately chose an honest arrogance, and I've never been sorry."
							- Frank Lloyd Wright


