From owner-freebsd-security Sun Apr 2 3:39:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id 7072337B6AB for ; Sun, 2 Apr 2000 03:39:50 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by awfulhak.org (8.9.3/8.9.3) with ESMTP id LAA90403; Sun, 2 Apr 2000 11:37:58 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id LAA01485; Sun, 2 Apr 2000 11:37:57 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200004021037.LAA01485@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: Andre Gironda Cc: James Wyatt , Nate Williams , Jim Durham , freebsd-security@FreeBSD.ORG Subject: Re: FTP with firewall rules In-Reply-To: Message from Andre Gironda of "Sat, 01 Apr 2000 20:08:28 -0800." <20000401200828.B319@toaster.sun4c.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 02 Apr 2000 11:37:57 +0100 From: Brian Somers Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Proxies are a great idea in most cases, although I think they're > a bit restrictive. But then again, do you really want people > using programs like httptunnel and creating a potential security > problem? > > Have you seen http://www.detached.net/mailtunnel.html ? [.....] And there's an ftptunnel too... I really think that the only way to really secure your network is to deny everything and then allow what you know. Of course this means over-restrictive access to the 'net which may be unrealistic for some companies. -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message