mailing list archives
Re: The Outgoing Traffic Problem
From: ArkanoiD <ark () eltex net>
Date: Wed, 19 Jul 2006 17:25:28 +0400
Yep, the HTTP problem is that it is basically stateless and consists of a
zillion short-lived connections. You may, however, invent some referer/cookie
black magic, but it is, actually, security through obscurity - if that
thing became widespread to some extent, I am sure trojans could happily
piggyback on that method.

I have an HTTP authentication system that works like "the user is
authenticated while the telnet (don't worry, there are SSL and IPSEC) session
to the authentication agent is active", but its shortcomings are obvious.

On Tue, Jul 18, 2006 at 05:12:45PM -0400, Paul D. Robertson wrote:
On Tue, 18 Jul 2006, Marcus J. Ranum wrote:
Sigh. ANY authentication would be better than none at all.
So now we're back to a conversation that I recall having several
times in 1992/3: that outgoing connections should be authenticated
as "belonging" to a real human behind a keyboard before they are
allowed. I remember Fred and I floated that idea to a few customers
(including folks who were considered to be very sophisticated, in
terms of security) and getting blank stares in response.
Been there, done that, broke the Gauntlet. Authentication for HTTP didn't
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com