From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/28936 Path: main.gmane.org!not-for-mail From: Alan Shutko Newsgroups: gmane.emacs.gnus.general Subject: Re: Reading Ding in Gnus Date: 24 Jan 2000 15:22:59 -0500 Sender: owner-ding@hpc.uh.edu Message-ID: References: NNTP-Posting-Host: coloc-standby.netfonds.no Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1035165694 32391 80.91.224.250 (21 Oct 2002 02:01:34 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Mon, 21 Oct 2002 02:01:34 +0000 (UTC) Return-Path: Original-Received: from bart.math.uh.edu (bart.math.uh.edu [129.7.128.48]) by mailhost.sclp.com (Postfix) with ESMTP id 77D03D051E for ; Mon, 24 Jan 2000 15:31:55 -0500 (EST) Original-Received: from sina.hpc.uh.edu (lists@Sina.HPC.UH.EDU [129.7.3.5]) by bart.math.uh.edu (8.9.1/8.9.1) with ESMTP id OAB23476; Mon, 24 Jan 2000 14:31:14 -0600 (CST) Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Mon, 24 Jan 2000 14:30:58 -0600 (CST) Original-Received: from mailhost.sclp.com (postfix@sclp3.sclp.com [204.252.123.139]) by sina.hpc.uh.edu (8.9.3/8.9.3) with ESMTP id OAA16155 for ; Mon, 24 Jan 2000 14:30:47 -0600 (CST) Original-Received: from nms01.srv.hcvlny.cv.net (nms01.srv.hcvlny.cv.net [167.206.112.64]) by mailhost.sclp.com (Postfix) with ESMTP id 28934D051E for ; Mon, 24 Jan 2000 15:30:38 -0500 (EST) Original-Received: from s1.nassau.cv.net (s1.optonline.net [167.206.112.6]) by nms01.srv.hcvlny.cv.net (8.9.1b+Sun/8.9.1) with ESMTP id PAA02891 for ; Mon, 24 Jan 2000 15:30:36 -0500 (EST) Original-Received: from hunt108-151.optonline.net (hunt108-151.optonline.net [167.206.108.151]) by s1.nassau.cv.net (8.9.1/8.9.1) with ESMTP id PAA08233 for ; Mon, 24 Jan 2000 15:30:35 -0500 (EST) Original-Received: (from ats@localhost) by hunt108-151.optonline.net (8.9.3/8.9.3) id PAA20888; Mon, 24 Jan 2000 15:30:34 -0500 X-Authentication-Warning: localhost.localdomain: ats set sender to ats@acm.org using -f Original-To: ding@gnus.org Mail-Copies-To: never In-Reply-To: dsg@mitre.org's message of "24 Jan 2000 14:57:53 -0500" User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.5 Original-Lines: 32 Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:28936 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:28936 dsg@mitre.org (David S. Goldberg) writes: > > If you can convince your sysadmin to open outbound ssh (which is > > about as far from a security risk as can be), you can either > > redirect ports, or set up a PPP tunnel. > > Was there a smiley missing? That PPP tunnel is a complete subversion > of the firewall. No, it's not. My PPP tunnel won't allow anything into the network, and my machine won't packets to it. All it does is let me contact certain services that our firewall blocks. If you view a firewall as a tool to prevent use of services by people inside it, yes, I'm undermining it. If you view a firewall as a tool to protect against outside intruders, I'm not "completely subverting" the firewall. Now I hear you saying "Why would the firewall administrator block outgoing POP if he didn't care if you used it?" Good question, which is why I asked him. He didn't know, just sounded like a good idea at the time (like blocking all ICMP). In any case, he knows about my PPP tunnel and has no problem with it. Naturally, doing things this way will involve communication with the firewall admin, so I don't see any problem with it. If the admin doesn't go for it, it isn't going to happen. But personally, I don't think that (implemented correctly) this is more of a security concern for the company than executives forwarding all their mail to hotmail so they can access it on the road. -- Alan Shutko - In a variety of flavors! When nothing can possibly go wrong, it will.