Jeffry Tank wrote:
> Can anyone tell me if it true that by putting an IP/IPX gateway between your
> internal IPX lan and your internet server, you can prevent _all_ attacks to
> your system from the outside (the internet)? Seem too simple to me, but some
> folks at my company insist that this is true. What about IPX packets
> wrapped in an IP layer? (assuming this can be done) Then when the IP layer
> is stripped off at the gateway couldn't the IPX parkets contain info to
> inflict damage to the internal network, at say the Novell server?
We are working through this now. So far it looks like it may be simple but
it works. The one possible exception would be the IPTUNNEL feature on your
NetWare servers. If it were implemented AND if your IP/IPX gateway was routing
IP onto your IPX side AND TCPIP.NLM is running on the server, you should be able
to get to the server through the gateway. Without explicitly doing all of the above, I
haven't found a way to get to the server from the outside.
I'd appreciate it if anyone else can confirm/rebut this.
Eliot T. Ware, CNE voice: (202) 622-1302
Global Systems Architect fax: (202) 622-2582
Department of the Treasury (UNIBAND)
preferred: etware @
alternate: eliot .