Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 08/28/03

  • Next message: Carson Gaspar: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"
    To: Frederick M Avolio <fred@avolio.com>, Bret Watson <lists@ticm.com>, firewall-wizards@honor.icsalabs.com
    Date: Wed, 27 Aug 2003 18:40:00 -0400
    
    

     Frederick M Avolio wrote:
    >Even on a firewall that proxies all of these, you're talking 25 or so proxies for H.323 and 5 (whiteboarding, file transfer, chat, etc.) for T.120.

    At which point I gotta break out the old joke Fred and I used to share,
    circa 1992:
            Q: "What do you call a firewall that proxies HTTP, telnet, ftp, rlogin, ping... etc..?"
            A: "A router."

    Whiteboarding? File transfer? Chat? Why not remote disk format and
    install, too? I'm sure there are no security flaws at all in any of those
    protocols or the implementations thereof...

    This whole firewall "thing" has become an exercise in wishful-thinking
    "have your cake and eat it too" -- and in the long run it's not going to
    work. It only works now because the hackers aren't as smart as
    they and the media think they are.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Carson Gaspar: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) serverside"