Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: Marcus J. Ranum (mjr_at_ranum.com)
To: Frederick M Avolio <email@example.com>, Bret Watson <firstname.lastname@example.org>, email@example.com Date: Wed, 27 Aug 2003 18:40:00 -0400
Frederick M Avolio wrote:
>Even on a firewall that proxies all of these, you're talking 25 or so proxies for H.323 and 5 (whiteboarding, file transfer, chat, etc.) for T.120.
At which point I gotta break out the old joke Fred and I used to share,
Q: "What do you call a firewall that proxies HTTP, telnet, ftp, rlogin, ping... etc..?"
A: "A router."
Whiteboarding? File transfer? Chat? Why not remote disk format and
install, too? I'm sure there are no security flaws at all in any of those
protocols or the implementations thereof...
This whole firewall "thing" has become an exercise in wishful-thinking
"have your cake and eat it too" -- and in the long run it's not going to
work. It only works now because the hackers aren't as smart as
they and the media think they are.
firewall-wizards mailing list