[ale] IPSec question
Stephan Uphoff
ups at tree.com
Tue Jul 20 13:04:10 EDT 2004
> Stephan Uphoff wrote:
> > Geoffrey wrote:
> >
> >>Because they are supporting the service. Again, you're at their mercy.
> >> Most companies don't permit just anyone vpn type connectivity. Since
> >>you don't 'manage' the firewall in question, you'll have to work with
> >>each company to get ipsec connectivity.
> >
> >
> > But you can tunnel over HTTP/DNS/SMTP/ICMP....... any protocol };-)
> >
> > You can easily leak information through firewalls and even gateways
> > if you control machines on both sides.
>
> You might want to concern yourself with company policies in this area.
> I'll have to admit, my suggestions were assuming you were going to do
> things according to existing policies...
I totally agree ... the answer was still in context of the first
email and assumed a NATed courtesy IP connection.
This was more on showing that solutions exist to supplement missing
functionality of the NAT device .... and then I got a bit carried away ;-)
Stephan