Re: [fw-wiz] Evolution of Firewalls

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 03/18/04

  • Next message: Josh Welch: "RE: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
    To: ark@eltex.net
    Date: Thu, 18 Mar 2004 09:34:44 -0500
    
    

    ArkanoiD wrote:
    >Slightly OT, anyone aware of WHICH protocol subset do email clients
    >use when doing IMAP4? I am still planning to implement a proxy, and RFC
    >requires all servers to support the whole fscking pile of s**t!
    >(still trying to imagine that terrible brain damage that may lead
    >protocol designers to such an idiotic requirement)

    I haven't looked at it, so I can't help you there. But the "methodology"
    (it doesn't deserve the term...) I used to use is pretty straightforward.
    I'd write the main loop that handles the I/O on the command stream
    and then I'd put it inline with a couple of clients and implement the
    command set that the client used and stop when I had it working with
    a couple of clients. ;)

    This worked surprisingly well, because I was able to "minimize"
    everything as I worked on it - whenever a command came through
    I'd ask myself "what the heck?" and figure out what it was supposed
    to do and then add whatever controls I could. Look for: buffer
    lengths, pathnames, execution commands, file operations,
    password lengths, username lengths, extra tokens on commands,
    line breaks, metacharacters where appropriate, etc. Then when
    you fire up a new client you'll periodically get something new that
    makes the proxy get upset - that's how you know it's working. :)

    Ignore the RFCs. Remember: they're part of the problem, not a
    definition of the solution. I'd go so far as to say that a proxy is
    *inherently* a violation of the RFCs - if it's done right. ;)

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
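
The per-command checks listed in the message above (lengths, extra tokens, line breaks, pathnames), sketched in Python as an added example that is not part of the original post or any proxy by its author. The allowlist, the size limits and the function name `check_command` are assumptions chosen for illustration.

```python
import re

MAX_LINE = 512  # assumed cap on one command line, in bytes
TAG_RE = re.compile(rb"[A-Za-z0-9.]{1,16}")  # assumed tag shape
TOKEN_RE = re.compile(rb'"(?:[^"\\]|\\.)*"|[^ "]+')  # quoted string or bare atom
# Hypothetical allowlist: command -> (exact argument count, max bytes per argument).
# In the workflow described above, entries are added only as real clients need them.
ALLOWED = {
    b"CAPABILITY": (0, 0),
    b"NOOP": (0, 0),
    b"LOGOUT": (0, 0),
    b"LOGIN": (2, 64),
    b"SELECT": (1, 128),
}

def check_command(line: bytes):
    """Return (True, command) to forward the line, or (False, reason) to drop it."""
    if len(line) > MAX_LINE:
        return False, "line too long"
    if not line.endswith(b"\r\n"):
        return False, "missing CRLF"
    body = line[:-2]
    if any(not 0x20 <= b <= 0x7E for b in body):
        return False, "non-printable byte or embedded line break"
    tokens = TOKEN_RE.findall(body)
    # Re-joining must reproduce the input: catches double spaces and bad quoting.
    if len(tokens) < 2 or b" ".join(tokens) != body:
        return False, "malformed spacing or quoting"
    tag, cmd, args = tokens[0], tokens[1].upper(), tokens[2:]
    if not TAG_RE.fullmatch(tag):
        return False, "bad tag"
    if cmd not in ALLOWED:
        return False, "command not in allowlist"
    want_args, max_len = ALLOWED[cmd]
    if len(args) != want_args:
        return False, "wrong argument count"
    if any(len(a) > max_len for a in args):
        return False, "argument too long"
    if any(a.startswith(b"{") for a in args):
        return False, "literal not supported"
    if cmd == b"SELECT" and (b".." in args[0] or args[0].strip(b'"').startswith(b"/")):
        return False, "suspicious mailbox path"
    return True, cmd.decode("ascii")

if __name__ == "__main__":
    # Constructed sample lines, not captured from any real client.
    for sample in (b"a1 NOOP\r\n", b"a2 NOOP extra\r\n", b"a3 FETCH 1 BODY[]\r\n"):
        print(sample, check_command(sample))
```

A rejected line with the reason "command not in allowlist" is the signal the message describes: a new client has sent something the proxy has not yet been taught.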

