|
Subject: |
Re: POP across a firewlll... |
|
From: |
"Santi Ribas - Brown's Operating System Services" <santi @
browns .
co .
uk> |
|
Date: |
Fri, 10 Oct 1997 10:25:48 +0100 |
|
To: |
firewalls @
greatcircle .
com |
|
Mmdf-warning: |
Parse error in original version of preceding line at post.browns.co.uk |
|
Mmdf-warning: |
Parse error in original version of preceding line at post.browns.co.uk |
|
Reply-to: |
santi @
browns .
co .
uk |
SOCKS is a proxy toolkit that allows the conversion of standard TCP clients
to proxied packets.
You can configure your firewall (if supports it) as a SOCKS server. Behind
your firewall you can have your private servers (like POP). On the other
side (i.e. Internet), you have a client PC with the email software and a
SOCKS software for PC. What SOCKS does, is allow a previous authentication
(i.e. ID/PSW to the SOCKS server or even with secure authentication). Once
this is done, all packets with destination to your internal POP server, can
go first to SOCKS, and SOCKS as a Proxy, will create new IP packets with
the source address of the SOCKS server, not the remote PC.
If you create a packet filter entry disallowing any packet through from
Internet to the mail server (port 110 POP3), and you allow the connection
from the SOCKS server to the Mail server, then no one will be able to
connect directly to the mail server. First they will have to authenticate
in the SOCKS server, so you just add a more secure connection.
Something else to say about it, is that SOCKS doesn't encrypt packets
itself, so you still have the possibility of internet hackers to see your
mails and POP accounts. Another possible problem is that you need a SOCKS
client software, which you can find as a freeware but not in all the
platforms. You can find yourself to buy a commercial SOCKS client for
Windows NT because you cound't find any freeware.
Santi Ribas
----------
> From: jon tobin <dyabolyk @
columbia .
digiweb .
com>
> To: firewalls @
greatcircle .
com
> Subject: Re: POP across a firewlll...
> Date: 09 October 1997 21:23
>
>
> On Thu, 9 Oct 1997, Santi Ribas - Brown's Operating System Services
wrote:
> > I wouldn't suggest to use POP across the Internet unless using
encryption
> > and access control by user to the POP server (like SOCKS does).
>
> what is SOCKS? A POP server?
>
>
> phleshitally: jonathan tobin
> digitally: www.dyabolyk.com
|
|
