Firewall Wizards: Re: tunnel vs open a hole

[Frank Knobbe <fknobbe () knobbeits com>]

On Tue, 2003-04-08 at 12:16, Dave Piscitello wrote:
> [...]
> No one discussed the benefits of using an encrypted, authenticated
> tunnel (SSL, SSH, ...), which do provide additional controls. 
> [...]

At the same time, some tunnels have certain drawbacks. Depending on what
tunnel you use, you may not know the senders IP address. For example, if
you use SSH to forward ports, you don't get the source's IP address (it
depends how you forward, most of the time the request would be coming
from 127.0.0.1). I'm not sure about ZBD but I believe it works the same
way. You would have to check the SSH/ZBD/yourtunnel logs, but that only
shows you a general connection or the tunnel endpoint, not related or
associateable to the real request (e.g. tcp port or sequence numbers),
or to the host behind the endpoint.

That 'hiding' behind tunnel endpoints can't be a benefit :)

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part