Re: [fw-wiz] SCADA



On Mon, Apr 27, 2009 at 1:09 PM, Jim Seymour <jseymour@xxxxxxxxxxx> wrote:

Dotzero <dotzero@xxxxxxxxx> wrote:
[snip]

or DNS

So-called "Janus DNS" solves this.  First described in print in
Cheswick & Bellovin's "Firewalls and Internet Security: Repelling
the Wily Hacker," I believe.


It's not just executable code. I do a DNS lookup to find out where to
connect to. The proxy passes the answer. It does not guarantee the
answer is correct. And for those who would point to DNSSEC, how many
domains currently sign? When will the root sign? When will .com sign?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: AD/DNS with NAT
    ... Datacenters host servers as Domain Controllers AD2003, DNS, Exchange ... sites with the Net ID they use and how they are connected (VPN, ... every small offices to use NAT in order to keep the private IP range ... Forget Firewalls and forget NAT. ...
    (microsoft.public.windows.server.networking)
  • Re: 99.9 % of Software/Hardware Firewalls DO-NOT.....
    ... If you're saying that MAC address ... > Internet, because MAC ADDRESSES ARE A LAN issue, not a WAN issue. ... > "Most firewalls do not come preconfigured to block Private Addresses, ... > "...gain entry via DNS UDP, or worse yet, DNS TCP for Zone Transfers"? ...
    (comp.security.firewalls)
  • Re: 99.9 % of Software/Hardware Firewalls DO-NOT.....
    ... If you're saying that MAC address ... Internet, because MAC ADDRESSES ARE A LAN issue, not a WAN issue. ... "Most firewalls do not come preconfigured to block Private Addresses, ... "...gain entry via DNS UDP, or worse yet, DNS TCP for Zone Transfers"? ...
    (comp.security.firewalls)
  • Re: 99.9 % of Software/Hardware Firewalls DO-NOT.....
    ... The only way your really going to get someone's mac address, ... > Internet, because MAC ADDRESSES ARE A LAN issue, not a WAN issue. ... > "Most firewalls do not come preconfigured to block Private Addresses, ... > "...gain entry via DNS UDP, or worse yet, DNS TCP for Zone Transfers"? ...
    (comp.security.firewalls)
  • Re: network goes down everyday at same time
    ... gateway and the other controls rules for our servers and has a .1 ... So physically we have two different firewalls that are the ... as for the DNS stuff you mentioned im not sure i know what you mean. ... side" and "server side". ...
    (microsoft.public.windows.server.networking)