Firewall Wizards
mailing list archives
Re: tunnel vs open a hole
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Sun, 06 Apr 2003 22:51:47 +0200
"Anton A. Chuvakin" wrote:
> ...if to run a new application you'd have to either:
> 1. open a new port
> 2. accept tunneling over already open port/protocol
> which would you choose?

If indeed the choice is as simple as you describe, it's a
no-brainer for me. The short-short version:

- Opening a new port exposes nothing that you wouldn't be exposing
  anyway (through tunneling).
- Opening a new port lets me monitor the new traffic independently.
- Opening a new port lets me SHUT DOWN the new traffic immediately
  without disrupting the other service, should I ever need to do so.
- HTTP tunneling is evil. See RFC 3205, also Best Current
  Practice #65, "On the use of HTTP as a Substrate":
  http://www.ietf.org/rfc/rfc3205.txt

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
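
Added example, not part of the original message or of any product mentioned in it: a small model of a port-level, default-deny filter that replays constructed traffic under both options from the thread, comparing what reaches the application, what the per-rule counters show, and what a shutdown takes with it. Port 7001 for the new application, the connection counts and all names in the code are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    dport: int
    enabled: bool = True
    hits: int = 0

class PortFilter:
    """First-match, default-deny filter that sees only the destination port."""
    def __init__(self, rules):
        self.rules = {r.name: r for r in rules}

    def permit(self, dport):
        for rule in self.rules.values():
            if rule.enabled and rule.dport == dport:
                rule.hits += 1
                return True
        return False

    def shut_down(self, name):
        self.rules[name].enabled = False

# Constructed sample traffic: (application, connection count). Port 7001 for
# the new application is an assumption; the thread names no port.
TRAFFIC = [("web", 40), ("newapp", 25)]
DEDICATED = {"web": 80, "newapp": 7001}   # option 1: open a new port
TUNNELLED = {"web": 80, "newapp": 80}     # option 2: tunnel over HTTP

def run(port_map, disable=None):
    """Replay TRAFFIC; return (connections delivered per app, hits per rule)."""
    fw = PortFilter([Rule(f"tcp/{p}", p) for p in sorted(set(port_map.values()))])
    if disable:
        # The only switch a port filter has is the rule for that app's port.
        fw.shut_down(f"tcp/{port_map[disable]}")
    delivered = {app: 0 for app, _ in TRAFFIC}
    for app, count in TRAFFIC:
        for _ in range(count):
            delivered[app] += fw.permit(port_map[app])
    return delivered, {name: r.hits for name, r in fw.rules.items()}

if __name__ == "__main__":
    for label, pm in (("dedicated", DEDICATED), ("tunnelled", TUNNELLED)):
        print(label, "normal:      ", run(pm))
        print(label, "app shut off:", run(pm, disable="newapp"))
```

In the tunnelled case the single tcp/80 counter mixes both applications, and disabling it to stop the new application also drops every web connection.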