Firewall Wizards
mailing list archives
Re: stealth firewalls
From: "Volker Tanger" <volker.tanger () discon de>
Date: Fri, 18 Jan 2002 09:50:15 +0100
ark () eltex ru wrote:
> YOU (Volker Tanger) WROTE:
>
>> Second problem is doing VPN - or: not! Without a (visible) VPN peer
>> there is no VPN to be established.
>
> Why not? I see no technical reason why one cannot build bridging
> functionality over 100% isolated underlying VPN infrastructure and
> virtual tunneling interfaces.

Okay, misunderstanding: you can not do VPN without an IP address
for the VPN peers.
If the firewall is expected to do the VPN stuff, it has
to have an IP address responding to IKE, ICMP, whatever.
But with this it is no longer a stealth (i.e. IP-addressless)
firewall.
Of course you can do VPN between two peers with a stealth firewall in
between (that is if the firewall allows), but that was not the point.
Bye
Volker
--
Volker Tanger <volker.tanger () discon de>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards