Meeting Pearls 1

home *** CD-ROM | disk | FTP | other *** search
/ Meeting Pearls 1 / Meeting Pearls Vol 1 (1994).iso / installed_progs / text / faqs / firewall-faq < prev next >
Mailbox/MIME Entity | 1994-06-13 | 27.1 KB
open in:
MacOS 8.1 extracted |
Win98 extracted |
DOS extracted
browse contents |
view JSON data |
view as text

This file was processed as: Mailbox/MIME Entity (archive/mbox).
Confidence	Program	Detection	Match Type	Support
`100%`	dexvert	Mailbox/MIME Entity `(archive/mbox)`	magic	Supported
`100%`	dexvert	Internet Message Format `(text/imf)`	magic	Supported
`1%`	dexvert	Text File `(text/txt)`	fallback	Supported
`100%`	file	Mailbox text, 1st line "From uni-regensburg.de!fauern!xlink.net!howland.reston.ans.net!swrinde!news.dell.com!tadpole.com!uunet!shemesh.tis.com!mjr Mon ", ASCII text	default
`100%`	TrID	E-Mail message (Var. 2)	default
`100%`	checkBytes	Printable ASCII	default
`100%`	perlTextCheck	Likely Text (Perl)	default
`100%`	siegfried	x-fmt/111 Plain Text File	default
`100%`	detectItEasy	Format: plain text[LF]	default (weak)
`100%`	xdgMime	application/mbox	default
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 46 72 6f 6d 20 75 6e 69 | 2d 72 65 67 65 6e 73 62 |From uni|-regensb|
|00000010| 75 72 67 2e 64 65 21 66 | 61 75 65 72 6e 21 78 6c |urg.de!f|auern!xl|
|00000020| 69 6e 6b 2e 6e 65 74 21 | 68 6f 77 6c 61 6e 64 2e |ink.net!|howland.|
|00000030| 72 65 73 74 6f 6e 2e 61 | 6e 73 2e 6e 65 74 21 73 |reston.a|ns.net!s|
|00000040| 77 72 69 6e 64 65 21 6e | 65 77 73 2e 64 65 6c 6c |wrinde!n|ews.dell|
|00000050| 2e 63 6f 6d 21 74 61 64 | 70 6f 6c 65 2e 63 6f 6d |.com!tad|pole.com|
|00000060| 21 75 75 6e 65 74 21 73 | 68 65 6d 65 73 68 2e 74 |!uunet!s|hemesh.t|
|00000070| 69 73 2e 63 6f 6d 21 6d | 6a 72 20 4d 6f 6e 20 4a |is.com!m|jr Mon J|
|00000080| 75 6e 20 20 36 20 32 31 | 3a 31 33 3a 33 36 20 31 |un  6 21|:13:36 1|
|00000090| 39 39 34 0a 50 61 74 68 | 3a 20 75 6e 69 2d 72 65 |994.Path|: uni-re|
|000000a0| 67 65 6e 73 62 75 72 67 | 2e 64 65 21 66 61 75 65 |gensburg|.de!faue|
|000000b0| 72 6e 21 78 6c 69 6e 6b | 2e 6e 65 74 21 68 6f 77 |rn!xlink|.net!how|
|000000c0| 6c 61 6e 64 2e 72 65 73 | 74 6f 6e 2e 61 6e 73 2e |land.res|ton.ans.|
|000000d0| 6e 65 74 21 73 77 72 69 | 6e 64 65 21 6e 65 77 73 |net!swri|nde!news|
|000000e0| 2e 64 65 6c 6c 2e 63 6f | 6d 21 74 61 64 70 6f 6c |.dell.co|m!tadpol|
|000000f0| 65 2e 63 6f 6d 21 75 75 | 6e 65 74 21 73 68 65 6d |e.com!uu|net!shem|
|00000100| 65 73 68 2e 74 69 73 2e | 63 6f 6d 21 6d 6a 72 0a |esh.tis.|com!mjr.|
|00000110| 46 72 6f 6d 3a 20 66 77 | 61 6c 6c 73 2d 66 61 71 |From: fw|alls-faq|
|00000120| 40 74 69 73 2e 63 6f 6d | 20 28 49 6e 74 65 72 6e |@tis.com| (Intern|
|00000130| 65 74 20 46 69 72 65 77 | 61 6c 6c 73 20 46 41 51 |et Firew|alls FAQ|
|00000140| 20 4d 61 69 6e 74 61 69 | 6e 65 72 29 0a 4e 65 77 | Maintai|ner).New|
|00000150| 73 67 72 6f 75 70 73 3a | 20 63 6f 6d 70 2e 73 65 |sgroups:| comp.se|
|00000160| 63 75 72 69 74 79 2e 75 | 6e 69 78 2c 63 6f 6d 70 |curity.u|nix,comp|
|00000170| 2e 73 65 63 75 72 69 74 | 79 2e 6d 69 73 63 2c 63 |.securit|y.misc,c|
|00000180| 6f 6d 70 2e 61 6e 73 77 | 65 72 73 2c 6e 65 77 73 |omp.answ|ers,news|
|00000190| 2e 61 6e 73 77 65 72 73 | 0a 53 75 62 6a 65 63 74 |.answers|.Subject|
|000001a0| 3a 20 46 69 72 65 77 61 | 6c 6c 73 20 46 41 51 20 |: Firewa|lls FAQ |
|000001b0| 28 52 65 76 20 33 2c 20 | 75 70 64 61 74 65 64 20 |(Rev 3, |updated |
|000001c0| 4d 6f 6e 20 4a 75 6e 20 | 20 36 20 31 30 3a 31 37 |Mon Jun | 6 10:17|
|000001d0| 3a 35 39 20 31 39 39 34 | 29 0a 46 6f 6c 6c 6f 77 |:59 1994|).Follow|
|000001e0| 75 70 2d 54 6f 3a 20 63 | 6f 6d 70 2e 73 65 63 75 |up-To: c|omp.secu|
|000001f0| 72 69 74 79 2e 6d 69 73 | 63 0a 44 61 74 65 3a 20 |rity.mis|c.Date: |
|00000200| 36 20 4a 75 6e 20 31 39 | 39 34 20 31 34 3a 32 36 |6 Jun 19|94 14:26|
|00000210| 3a 32 30 20 47 4d 54 0a | 4f 72 67 61 6e 69 7a 61 |:20 GMT.|Organiza|
|00000220| 74 69 6f 6e 3a 20 41 20 | 70 6f 6f 72 6c 79 2d 69 |tion: A |poorly-i|
|00000230| 6e 73 74 61 6c 6c 65 64 | 20 49 6e 74 65 72 4e 65 |nstalled| InterNe|
|00000240| 74 4e 65 77 73 20 73 69 | 74 65 0a 4c 69 6e 65 73 |tNews si|te.Lines|
|00000250| 3a 20 36 36 31 0a 41 70 | 70 72 6f 76 65 64 3a 20 |: 661.Ap|proved: |
|00000260| 6e 65 77 73 2d 61 6e 73 | 77 65 72 73 2d 72 65 71 |news-ans|wers-req|
|00000270| 75 65 73 74 40 4d 49 54 | 2e 45 44 55 0a 44 69 73 |uest@MIT|.EDU.Dis|
|00000280| 74 72 69 62 75 74 69 6f | 6e 3a 20 77 6f 72 6c 64 |tributio|n: world|
|00000290| 0a 4d 65 73 73 61 67 65 | 2d 49 44 3a 20 3c 31 39 |.Message|-ID: <19|
|000002a0| 39 34 4a 75 6e 30 36 2e | 30 36 33 31 31 30 2e 33 |94Jun06.|063110.3|
|000002b0| 40 74 69 73 2e 63 6f 6d | 3e 0a 52 65 70 6c 79 2d |@tis.com|>.Reply-|
|000002c0| 54 6f 3a 20 66 77 61 6c | 6c 73 2d 66 61 71 40 74 |To: fwal|ls-faq@t|
|000002d0| 69 73 2e 63 6f 6d 20 28 | 46 41 51 20 43 6f 6d 6d |is.com (|FAQ Comm|
|000002e0| 65 6e 74 73 29 0a 4e 4e | 54 50 2d 50 6f 73 74 69 |ents).NN|TP-Posti|
|000002f0| 6e 67 2d 48 6f 73 74 3a | 20 6f 74 74 65 72 0a 43 |ng-Host:| otter.C|
|00000300| 6f 6e 74 65 6e 74 2d 54 | 79 70 65 3a 20 74 65 78 |ontent-T|ype: tex|
|00000310| 74 0a 53 75 6d 6d 61 72 | 79 3a 20 54 68 69 73 20 |t.Summar|y: This |
|00000320| 70 6f 73 74 69 6e 67 20 | 63 6f 6e 74 61 69 6e 73 |posting |contains|
|00000330| 20 61 20 6c 69 73 74 20 | 6f 66 20 66 72 65 71 75 | a list |of frequ|
|00000340| 65 6e 74 6c 79 20 61 73 | 6b 65 64 20 71 75 65 73 |ently as|ked ques|
|00000350| 74 69 6f 6e 73 20 61 62 | 6f 75 74 0a 09 49 6e 74 |tions ab|out..Int|
|00000360| 65 72 6e 65 74 20 46 69 | 72 65 77 61 6c 6c 73 2c |ernet Fi|rewalls,|
|00000370| 20 61 6e 64 20 74 68 65 | 69 72 20 61 6e 73 77 65 | and the|ir answe|
|00000380| 72 73 2e 0a 58 2d 50 6f | 73 74 69 6e 67 2d 46 72 |rs..X-Po|sting-Fr|
|00000390| 65 71 75 65 6e 63 79 3a | 20 77 68 65 6e 65 76 65 |equency:| wheneve|
|000003a0| 72 20 75 70 64 61 74 65 | 64 0a 58 72 65 66 3a 20 |r update|d.Xref: |
|000003b0| 75 6e 69 2d 72 65 67 65 | 6e 73 62 75 72 67 2e 64 |uni-rege|nsburg.d|
|000003c0| 65 20 63 6f 6d 70 2e 73 | 65 63 75 72 69 74 79 2e |e comp.s|ecurity.|
|000003d0| 75 6e 69 78 3a 35 39 36 | 36 20 63 6f 6d 70 2e 73 |unix:596|6 comp.s|
|000003e0| 65 63 75 72 69 74 79 2e | 6d 69 73 63 3a 37 30 34 |ecurity.|misc:704|
|000003f0| 33 20 63 6f 6d 70 2e 61 | 6e 73 77 65 72 73 3a 35 |3 comp.a|nswers:5|
|00000400| 32 36 31 20 6e 65 77 73 | 2e 61 6e 73 77 65 72 73 |261 news|.answers|
|00000410| 3a 31 36 30 32 36 0a 0a | 41 72 63 68 69 76 65 2d |:16026..|Archive-|
|00000420| 6e 61 6d 65 3a 20 66 69 | 72 65 77 61 6c 6c 73 2d |name: fi|rewalls-|
|00000430| 66 61 71 0a 50 6f 73 74 | 69 6e 67 2d 46 72 65 71 |faq.Post|ing-Freq|
|00000440| 75 65 6e 63 79 3a 20 77 | 68 65 6e 65 76 65 72 20 |uency: w|henever |
|00000450| 75 70 64 61 74 65 64 0a | 4c 61 73 74 2d 6d 6f 64 |updated.|Last-mod|
|00000460| 69 66 69 65 64 3a 20 4d | 6f 6e 20 4a 75 6e 20 20 |ified: M|on Jun  |
|00000470| 36 20 31 30 3a 31 37 3a | 35 39 20 31 39 39 34 0a |6 10:17:|59 1994.|
|00000480| 56 65 72 73 69 6f 6e 3a | 20 33 0a 0a 49 6e 74 65 |Version:| 3..Inte|
|00000490| 72 6e 65 74 20 46 69 72 | 65 77 61 6c 6c 73 20 46 |rnet Fir|ewalls F|
|000004a0| 72 65 71 75 65 6e 74 6c | 79 20 41 73 6b 65 64 20 |requentl|y Asked |
|000004b0| 51 75 65 73 74 69 6f 6e | 73 0a 3d 3d 3d 3d 3d 3d |Question|s.======|
|000004c0| 3d 3d 3d 3d 3d 3d 3d 3d | 3d 3d 3d 3d 3d 3d 3d 3d |========|========|
|000004d0| 3d 3d 3d 3d 3d 3d 3d 3d | 3d 3d 3d 3d 3d 3d 3d 3d |========|========|
|000004e0| 3d 3d 3d 3d 3d 3d 3d 0a | 0a 41 62 6f 75 74 20 74 |=======.|.About t|
|000004f0| 68 65 20 46 41 51 0a 3d | 3d 3d 3d 3d 3d 3d 3d 3d |he FAQ.=|========|
|00000500| 3d 3d 3d 3d 0a 54 68 69 | 73 20 46 41 51 20 69 73 |====.Thi|s FAQ is|
|00000510| 20 6e 6f 74 20 61 6e 20 | 61 64 76 65 72 74 69 73 | not an |advertis|
|00000520| 65 6d 65 6e 74 20 6f 72 | 20 65 6e 64 6f 72 73 65 |ement or| endorse|
|00000530| 6d 65 6e 74 20 66 6f 72 | 20 61 6e 79 0a 70 72 6f |ment for| any.pro|
|00000540| 64 75 63 74 2c 20 63 6f | 6d 70 61 6e 79 2c 20 6f |duct, co|mpany, o|
|00000550| 72 20 63 6f 6e 73 75 6c | 74 61 6e 74 2e 20 54 68 |r consul|tant. Th|
|00000560| 65 20 6d 61 69 6e 74 61 | 69 6e 65 72 20 77 65 6c |e mainta|iner wel|
|00000570| 63 6f 6d 65 73 20 69 6e | 70 75 74 0a 61 6e 64 20 |comes in|put.and |
|00000580| 63 6f 6d 6d 65 6e 74 73 | 20 6f 6e 20 74 68 65 20 |comments| on the |
|00000590| 63 6f 6e 74 65 6e 74 73 | 20 6f 66 20 74 68 69 73 |contents| of this|
|000005a0| 20 46 41 51 2e 20 43 6f | 6d 6d 65 6e 74 73 20 72 | FAQ. Co|mments r|
|000005b0| 65 6c 61 74 65 64 0a 74 | 6f 20 74 68 65 20 46 41 |elated.t|o the FA|
|000005c0| 51 20 73 68 6f 75 6c 64 | 20 62 65 20 61 64 64 72 |Q should| be addr|
|000005d0| 65 73 73 65 64 20 74 6f | 20 46 77 61 6c 6c 73 2d |essed to| Fwalls-|
|000005e0| 46 41 51 40 74 69 73 2e | 63 6f 6d 2e 0a 0a 0a 43 |FAQ@tis.|com....C|
|000005f0| 6f 6e 74 65 6e 74 73 3a | 0a 3d 3d 3d 3d 3d 3d 3d |ontents:|.=======|
|00000600| 3d 3d 0a 31 3a 20 57 68 | 61 74 20 69 73 20 61 20 |==.1: Wh|at is a |
|00000610| 6e 65 74 77 6f 72 6b 20 | 66 69 72 65 77 61 6c 6c |network |firewall|
|00000620| 3f 0a 32 3a 20 57 68 79 | 20 77 6f 75 6c 64 20 49 |?.2: Why| would I|
|00000630| 20 77 61 6e 74 20 61 20 | 66 69 72 65 77 61 6c 6c | want a |firewall|
|00000640| 3f 0a 33 3a 20 57 68 61 | 74 20 63 61 6e 20 61 20 |?.3: Wha|t can a |
|00000650| 66 69 72 65 77 61 6c 6c | 20 70 72 6f 74 65 63 74 |firewall| protect|
|00000660| 20 61 67 61 69 6e 73 74 | 3f 0a 34 3a 20 57 68 61 | against|?.4: Wha|
|00000670| 74 20 63 61 6e 27 74 20 | 61 20 66 69 72 65 77 61 |t can't |a firewa|
|00000680| 6c 6c 20 70 72 6f 74 65 | 63 74 20 61 67 61 69 6e |ll prote|ct again|
|00000690| 73 74 3f 0a 35 3a 20 57 | 68 61 74 20 61 72 65 20 |st?.5: W|hat are |
|000006a0| 67 6f 6f 64 20 73 6f 75 | 72 63 65 73 20 6f 66 20 |good sou|rces of |
|000006b0| 70 72 69 6e 74 20 69 6e | 66 6f 72 6d 61 74 69 6f |print in|formatio|
|000006c0| 6e 20 6f 6e 20 66 69 72 | 65 77 61 6c 6c 73 3f 0a |n on fir|ewalls?.|
|000006d0| 36 3a 20 57 68 65 72 65 | 20 63 61 6e 20 49 20 67 |6: Where| can I g|
|000006e0| 65 74 20 6d 6f 72 65 20 | 69 6e 66 6f 72 6d 61 74 |et more |informat|
|000006f0| 69 6f 6e 20 6f 6e 20 66 | 69 72 65 77 61 6c 6c 73 |ion on f|irewalls|
|00000700| 20 6f 6e 20 74 68 65 20 | 20 6e 65 74 77 6f 72 6b | on the | network|
|00000710| 3f 0a 37 3a 20 57 68 61 | 74 20 61 72 65 20 73 6f |?.7: Wha|t are so|
|00000720| 6d 65 20 63 6f 6d 6d 65 | 72 63 69 61 6c 20 70 72 |me comme|rcial pr|
|00000730| 6f 64 75 63 74 73 20 6f | 72 20 63 6f 6e 73 75 6c |oducts o|r consul|
|00000740| 74 61 6e 74 73 20 77 68 | 6f 20 73 65 6c 6c 2f 73 |tants wh|o sell/s|
|00000750| 65 72 76 69 63 65 20 66 | 69 72 65 77 61 6c 6c 73 |ervice f|irewalls|
|00000760| 3f 0a 38 3a 20 57 68 61 | 74 20 61 72 65 20 73 6f |?.8: Wha|t are so|
|00000770| 6d 65 20 6f 66 20 74 68 | 65 20 62 61 73 69 63 20 |me of th|e basic |
|00000780| 64 65 73 69 67 6e 20 64 | 65 63 69 73 69 6f 6e 73 |design d|ecisions|
|00000790| 20 69 6e 20 61 20 66 69 | 72 65 77 61 6c 6c 3f 0a | in a fi|rewall?.|
|000007a0| 39 3a 20 57 68 61 74 20 | 61 72 65 20 70 72 6f 78 |9: What |are prox|
|000007b0| 79 20 73 65 72 76 65 72 | 73 20 61 6e 64 20 68 6f |y server|s and ho|
|000007c0| 77 20 64 6f 20 74 68 65 | 79 20 77 6f 72 6b 3f 0a |w do the|y work?.|
|000007d0| 31 30 3a 20 57 68 61 74 | 20 61 72 65 20 73 6f 6d |10: What| are som|
|000007e0| 65 20 63 68 65 61 70 20 | 70 61 63 6b 65 74 20 73 |e cheap |packet s|
|000007f0| 63 72 65 65 6e 69 6e 67 | 20 74 6f 6f 6c 73 3f 0a |creening| tools?.|
|00000800| 31 31 3a 20 57 68 61 74 | 20 61 72 65 20 73 6f 6d |11: What| are som|
|00000810| 65 20 72 65 61 73 6f 6e | 61 62 6c 65 20 66 69 6c |e reason|able fil|
|00000820| 74 65 72 69 6e 67 20 72 | 75 6c 65 73 20 66 6f 72 |tering r|ules for|
|00000830| 20 6d 79 20 43 69 73 63 | 6f 3f 0a 31 32 3a 20 48 | my Cisc|o?.12: H|
|00000840| 6f 77 20 64 6f 20 49 20 | 6d 61 6b 65 20 44 4e 53 |ow do I |make DNS|
|00000850| 20 77 6f 72 6b 20 77 69 | 74 68 20 61 20 66 69 72 | work wi|th a fir|
|00000860| 65 77 61 6c 6c 3f 0a 31 | 33 3a 20 48 6f 77 20 64 |ewall?.1|3: How d|
|00000870| 6f 20 49 20 6d 61 6b 65 | 20 46 54 50 20 77 6f 72 |o I make| FTP wor|
|00000880| 6b 20 74 68 72 6f 75 67 | 68 20 6d 79 20 66 69 72 |k throug|h my fir|
|00000890| 65 77 61 6c 6c 3f 0a 31 | 34 3a 20 48 6f 77 20 64 |ewall?.1|4: How d|
|000008a0| 6f 20 49 20 6d 61 6b 65 | 20 54 65 6c 6e 65 74 20 |o I make| Telnet |
|000008b0| 77 6f 72 6b 20 74 68 72 | 6f 75 67 68 20 6d 79 20 |work thr|ough my |
|000008c0| 66 69 72 65 77 61 6c 6c | 3f 0a 31 35 3a 20 48 6f |firewall|?.15: Ho|
|000008d0| 77 20 64 6f 20 49 20 6d | 61 6b 65 20 46 69 6e 67 |w do I m|ake Fing|
|000008e0| 65 72 20 61 6e 64 20 77 | 68 6f 69 73 20 77 6f 72 |er and w|hois wor|
|000008f0| 6b 20 74 68 72 6f 75 67 | 68 20 6d 79 20 66 69 72 |k throug|h my fir|
|00000900| 65 77 61 6c 6c 3f 0a 31 | 36 3a 20 48 6f 77 20 64 |ewall?.1|6: How d|
|00000910| 6f 20 49 20 6d 61 6b 65 | 20 67 6f 70 68 65 72 2c |o I make| gopher,|
|00000920| 20 61 72 63 68 69 65 2c | 20 61 6e 64 20 6f 74 68 | archie,| and oth|
|00000930| 65 72 20 73 65 72 76 69 | 63 65 73 20 77 6f 72 6b |er servi|ces work|
|00000940| 20 74 68 72 6f 75 67 68 | 20 6d 79 20 66 69 72 65 | through| my fire|
|00000950| 77 61 6c 6c 3f 0a 31 37 | 3a 20 57 68 61 74 20 61 |wall?.17|: What a|
|00000960| 72 65 20 74 68 65 20 69 | 73 73 75 65 73 20 61 62 |re the i|ssues ab|
|00000970| 6f 75 74 20 58 2d 57 69 | 6e 64 6f 77 20 74 68 72 |out X-Wi|ndow thr|
|00000980| 6f 75 67 68 20 61 20 66 | 69 72 65 77 61 6c 6c 3f |ough a f|irewall?|
|00000990| 0a 31 38 3a 20 47 6c 6f | 73 73 61 72 79 20 6f 66 |.18: Glo|ssary of|
|000009a0| 20 66 69 72 65 77 61 6c | 6c 20 72 65 6c 61 74 65 | firewal|l relate|
|000009b0| 64 20 74 65 72 6d 73 0a | 0a 2d 2d 2d 2d 2d 2d 2d |d terms.|.-------|
|000009c0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000009d0| 2d 2d 2d 2d 2d 2d 2d 0a | 0a 44 61 74 65 3a 20 54 |-------.|.Date: T|
|000009e0| 68 75 20 4d 61 72 20 33 | 20 31 32 3a 33 35 3a 35 |hu Mar 3| 12:35:5|
|000009f0| 39 20 31 39 39 34 0a 46 | 72 6f 6d 3a 20 46 77 61 |9 1994.F|rom: Fwa|
|00000a00| 6c 6c 73 2d 46 41 51 40 | 74 69 73 2e 63 6f 6d 0a |lls-FAQ@|tis.com.|
|00000a10| 53 75 62 6a 65 63 74 3a | 20 31 3a 20 57 68 61 74 |Subject:| 1: What|
|00000a20| 20 69 73 20 61 20 6e 65 | 74 77 6f 72 6b 20 66 69 | is a ne|twork fi|
|00000a30| 72 65 77 61 6c 6c 3f 0a | 0a 41 20 66 69 72 65 77 |rewall?.|.A firew|
|00000a40| 61 6c 6c 20 69 73 20 61 | 6e 79 20 6f 6e 65 20 6f |all is a|ny one o|
|00000a50| 66 20 73 65 76 65 72 61 | 6c 20 77 61 79 73 20 6f |f severa|l ways o|
|00000a60| 66 20 70 72 6f 74 65 63 | 74 69 6e 67 20 6f 6e 65 |f protec|ting one|
|00000a70| 0a 6e 65 74 77 6f 72 6b | 20 66 72 6f 6d 20 61 6e |.network| from an|
|00000a80| 6f 74 68 65 72 20 75 6e | 74 72 75 73 74 65 64 20 |other un|trusted |
|00000a90| 6e 65 74 77 6f 72 6b 2e | 20 54 68 65 20 61 63 74 |network.| The act|
|00000aa0| 75 61 6c 20 6d 65 63 68 | 61 6e 69 73 6d 0a 77 68 |ual mech|anism.wh|
|00000ab0| 65 72 65 62 79 20 74 68 | 69 73 20 69 73 20 61 63 |ereby th|is is ac|
|00000ac0| 63 6f 6d 70 6c 69 73 68 | 65 64 20 76 61 72 69 65 |complish|ed varie|
|00000ad0| 73 20 77 69 64 65 6c 79 | 2c 20 62 75 74 20 69 6e |s widely|, but in|
|00000ae0| 0a 70 72 69 6e 63 69 70 | 6c 65 2c 20 74 68 65 20 |.princip|le, the |
|00000af0| 66 69 72 65 77 61 6c 6c | 20 63 61 6e 20 62 65 20 |firewall| can be |
|00000b00| 74 68 6f 75 67 68 74 20 | 6f 66 20 61 73 20 61 20 |thought |of as a |
|00000b10| 70 61 69 72 20 6f 66 0a | 6d 65 63 68 61 6e 69 73 |pair of.|mechanis|
|00000b20| 6d 73 3a 20 6f 6e 65 20 | 77 68 69 63 68 20 65 78 |ms: one |which ex|
|00000b30| 69 73 74 73 20 74 6f 20 | 62 6c 6f 63 6b 20 74 72 |ists to |block tr|
|00000b40| 61 66 66 69 63 2c 20 61 | 6e 64 20 74 68 65 20 6f |affic, a|nd the o|
|00000b50| 74 68 65 72 0a 77 68 69 | 63 68 20 65 78 69 73 74 |ther.whi|ch exist|
|00000b60| 73 20 74 6f 20 70 65 72 | 6d 69 74 20 74 72 61 66 |s to per|mit traf|
|00000b70| 66 69 63 2e 20 53 6f 6d | 65 20 66 69 72 65 77 61 |fic. Som|e firewa|
|00000b80| 6c 6c 73 20 70 6c 61 63 | 65 20 61 0a 67 72 65 61 |lls plac|e a.grea|
|00000b90| 74 65 72 20 65 6d 70 68 | 61 73 69 73 20 6f 6e 20 |ter emph|asis on |
|00000ba0| 62 6c 6f 63 6b 69 6e 67 | 20 74 72 61 66 66 69 63 |blocking| traffic|
|00000bb0| 2c 20 77 68 69 6c 65 20 | 6f 74 68 65 72 73 20 65 |, while |others e|
|00000bc0| 6d 70 68 61 73 69 7a 65 | 0a 70 65 72 6d 69 74 74 |mphasize|.permitt|
|00000bd0| 69 6e 67 20 74 72 61 66 | 66 69 63 2e 0a 0a 2d 2d |ing traf|fic...--|
|00000be0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00000bf0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 0a 0a 44 61 |--------|----..Da|
|00000c00| 74 65 3a 20 54 68 75 20 | 4d 61 72 20 33 20 31 32 |te: Thu |Mar 3 12|
|00000c10| 3a 33 36 3a 31 35 20 31 | 39 39 34 0a 46 72 6f 6d |:36:15 1|994.From|
|00000c20| 3a 20 46 77 61 6c 6c 73 | 2d 46 41 51 40 74 69 73 |: Fwalls|-FAQ@tis|
|00000c30| 2e 63 6f 6d 0a 53 75 62 | 6a 65 63 74 3a 20 32 3a |.com.Sub|ject: 2:|
|00000c40| 20 57 68 79 20 77 6f 75 | 6c 64 20 49 20 77 61 6e | Why wou|ld I wan|
|00000c50| 74 20 61 20 66 69 72 65 | 77 61 6c 6c 3f 0a 0a 54 |t a fire|wall?..T|
|00000c60| 68 65 20 49 6e 74 65 72 | 6e 65 74 2c 20 6c 69 6b |he Inter|net, lik|
|00000c70| 65 20 61 6e 79 20 6f 74 | 68 65 72 20 73 6f 63 69 |e any ot|her soci|
|00000c80| 65 74 79 2c 20 69 73 20 | 70 6c 61 67 75 65 64 20 |ety, is |plagued |
|00000c90| 77 69 74 68 20 74 68 65 | 0a 6b 69 6e 64 20 6f 66 |with the|.kind of|
|00000ca0| 20 6a 65 72 6b 73 20 77 | 68 6f 20 65 6e 6a 6f 79 | jerks w|ho enjoy|
|00000cb0| 20 74 68 65 20 65 6c 65 | 63 74 72 6f 6e 69 63 20 | the ele|ctronic |
|00000cc0| 65 71 75 69 76 61 6c 65 | 6e 74 20 6f 66 20 77 72 |equivale|nt of wr|
|00000cd0| 69 74 69 6e 67 0a 6f 6e | 20 6f 74 68 65 72 20 70 |iting.on| other p|
|00000ce0| 65 6f 70 6c 65 27 73 20 | 77 61 6c 6c 73 20 77 69 |eople's |walls wi|
|00000cf0| 74 68 20 73 70 72 61 79 | 70 61 69 6e 74 2c 20 74 |th spray|paint, t|
|00000d00| 65 61 72 69 6e 67 20 74 | 68 65 69 72 0a 6d 61 69 |earing t|heir.mai|
|00000d10| 6c 62 6f 78 65 73 20 6f | 66 66 2c 20 6f 72 20 6a |lboxes o|ff, or j|
|00000d20| 75 73 74 20 73 69 74 74 | 69 6e 67 20 69 6e 20 74 |ust sitt|ing in t|
|00000d30| 68 65 20 73 74 72 65 65 | 74 20 62 6c 6f 77 69 6e |he stree|t blowin|
|00000d40| 67 20 74 68 65 69 72 0a | 63 61 72 20 68 6f 72 6e |g their.|car horn|
|00000d50| 73 2e 20 53 6f 6d 65 20 | 70 65 6f 70 6c 65 20 74 |s. Some |people t|
|00000d60| 72 79 20 74 6f 20 67 65 | 74 20 72 65 61 6c 20 77 |ry to ge|t real w|
|00000d70| 6f 72 6b 20 64 6f 6e 65 | 20 6f 76 65 72 20 74 68 |ork done| over th|
|00000d80| 65 0a 49 6e 74 65 72 6e | 65 74 2c 20 61 6e 64 20 |e.Intern|et, and |
|00000d90| 6f 74 68 65 72 73 20 68 | 61 76 65 20 73 65 6e 73 |others h|ave sens|
|00000da0| 69 74 69 76 65 20 6f 72 | 20 70 72 6f 70 72 69 65 |itive or| proprie|
|00000db0| 74 61 72 79 20 64 61 74 | 61 20 74 68 65 79 0a 6d |tary dat|a they.m|
|00000dc0| 75 73 74 20 70 72 6f 74 | 65 63 74 2e 20 41 20 66 |ust prot|ect. A f|
|00000dd0| 69 72 65 77 61 6c 6c 27 | 73 20 70 75 72 70 6f 73 |irewall'|s purpos|
|00000de0| 65 20 69 73 20 74 6f 20 | 6b 65 65 70 20 74 68 65 |e is to |keep the|
|00000df0| 20 6a 65 72 6b 73 20 6f | 75 74 0a 6f 66 20 79 6f | jerks o|ut.of yo|
|00000e00| 75 72 20 6e 65 74 77 6f | 72 6b 20 77 68 69 6c 65 |ur netwo|rk while|
|00000e10| 20 73 74 69 6c 6c 20 6c | 65 74 74 69 6e 67 20 79 | still l|etting y|
|00000e20| 6f 75 20 67 65 74 20 79 | 6f 75 72 20 6a 6f 62 20 |ou get y|our job |
|00000e30| 64 6f 6e 65 2e 0a 0a 4d | 61 6e 79 20 74 72 61 64 |done...M|any trad|
|00000e40| 69 74 69 6f 6e 61 6c 2d | 73 74 79 6c 65 20 63 6f |itional-|style co|
|00000e50| 72 70 6f 72 61 74 69 6f | 6e 73 20 61 6e 64 20 64 |rporatio|ns and d|
|00000e60| 61 74 61 20 63 65 6e 74 | 65 72 73 20 68 61 76 65 |ata cent|ers have|
|00000e70| 0a 63 6f 6d 70 75 74 69 | 6e 67 20 73 65 63 75 72 |.computi|ng secur|
|00000e80| 69 74 79 20 70 6f 6c 69 | 63 69 65 73 20 61 6e 64 |ity poli|cies and|
|00000e90| 20 70 72 61 63 74 69 63 | 65 73 20 74 68 61 74 20 | practic|es that |
|00000ea0| 6d 75 73 74 20 62 65 0a | 61 64 68 65 72 65 64 20 |must be.|adhered |
|00000eb0| 74 6f 2e 20 49 6e 20 61 | 20 63 61 73 65 20 77 68 |to. In a| case wh|
|00000ec0| 65 72 65 20 61 20 63 6f | 6d 70 61 6e 79 27 73 20 |ere a co|mpany's |
|00000ed0| 70 6f 6c 69 63 69 65 73 | 20 64 69 63 74 61 74 65 |policies| dictate|
|00000ee0| 20 68 6f 77 0a 64 61 74 | 61 20 6d 75 73 74 20 62 | how.dat|a must b|
|00000ef0| 65 20 70 72 6f 74 65 63 | 74 65 64 2c 20 61 20 66 |e protec|ted, a f|
|00000f00| 69 72 65 77 61 6c 6c 20 | 69 73 20 76 65 72 79 20 |irewall |is very |
|00000f10| 69 6d 70 6f 72 74 61 6e | 74 2c 20 73 69 6e 63 65 |importan|t, since|
|00000f20| 0a 69 74 20 69 73 20 74 | 68 65 20 65 6d 62 6f 64 |.it is t|he embod|
|00000f30| 69 6d 65 6e 74 20 6f 66 | 20 74 68 65 20 63 6f 72 |iment of| the cor|
|00000f40| 70 6f 72 61 74 65 20 70 | 6f 6c 69 63 79 2e 20 46 |porate p|olicy. F|
|00000f50| 72 65 71 75 65 6e 74 6c | 79 2c 0a 74 68 65 20 68 |requentl|y,.the h|
|00000f60| 61 72 64 65 73 74 20 70 | 61 72 74 20 6f 66 20 68 |ardest p|art of h|
|00000f70| 6f 6f 6b 69 6e 67 20 74 | 6f 20 74 68 65 20 49 6e |ooking t|o the In|
|00000f80| 74 65 72 6e 65 74 2c 20 | 69 66 20 79 6f 75 27 72 |ternet, |if you'r|
|00000f90| 65 20 61 0a 6c 61 72 67 | 65 20 63 6f 6d 70 61 6e |e a.larg|e compan|
|00000fa0| 79 2c 20 69 73 20 6e 6f | 74 20 6a 75 73 74 69 66 |y, is no|t justif|
|00000fb0| 79 69 6e 67 20 74 68 65 | 20 65 78 70 65 6e 73 65 |ying the| expense|
|00000fc0| 20 6f 72 20 65 66 66 6f | 72 74 2c 20 62 75 74 0a | or effo|rt, but.|
|00000fd0| 63 6f 6e 76 69 6e 63 69 | 6e 67 20 6d 61 6e 61 67 |convinci|ng manag|
|00000fe0| 65 6d 65 6e 74 20 74 68 | 61 74 20 69 74 27 73 20 |ement th|at it's |
|00000ff0| 73 61 66 65 20 74 6f 20 | 64 6f 20 73 6f 2e 20 41 |safe to |do so. A|
|00001000| 20 66 69 72 65 77 61 6c | 6c 0a 70 72 6f 76 69 64 | firewal|l.provid|
|00001010| 65 73 20 6e 6f 74 20 6f | 6e 6c 79 20 72 65 61 6c |es not o|nly real|
|00001020| 20 73 65 63 75 72 69 74 | 79 20 2d 20 69 74 20 6f | securit|y - it o|
|00001030| 66 74 65 6e 20 70 6c 61 | 79 73 20 61 6e 0a 69 6d |ften pla|ys an.im|
|00001040| 70 6f 72 74 61 6e 74 20 | 72 6f 6c 65 20 61 73 20 |portant |role as |
|00001050| 61 20 73 65 63 75 72 69 | 74 79 20 62 6c 61 6e 6b |a securi|ty blank|
|00001060| 65 74 20 66 6f 72 20 6d | 61 6e 61 67 65 6d 65 6e |et for m|anagemen|
|00001070| 74 2e 0a 0a 4c 61 73 74 | 6c 79 2c 20 61 20 66 69 |t...Last|ly, a fi|
|00001080| 72 65 77 61 6c 6c 20 63 | 61 6e 20 61 63 74 20 61 |rewall c|an act a|
|00001090| 73 20 79 6f 75 72 20 63 | 6f 72 70 6f 72 61 74 65 |s your c|orporate|
|000010a0| 20 22 61 6d 62 61 73 73 | 61 64 6f 72 22 20 74 6f | "ambass|ador" to|
|000010b0| 0a 74 68 65 20 49 6e 74 | 65 72 6e 65 74 2e 20 4d |.the Int|ernet. M|
|000010c0| 61 6e 79 20 63 6f 72 70 | 6f 72 61 74 69 6f 6e 73 |any corp|orations|
|000010d0| 20 75 73 65 20 74 68 65 | 69 72 20 66 69 72 65 77 | use the|ir firew|
|000010e0| 61 6c 6c 20 73 79 73 74 | 65 6d 73 0a 61 73 20 61 |all syst|ems.as a|
|000010f0| 20 70 6c 61 63 65 20 74 | 6f 20 73 74 6f 72 65 20 | place t|o store |
|00001100| 70 75 62 6c 69 63 20 69 | 6e 66 6f 72 6d 61 74 69 |public i|nformati|
|00001110| 6f 6e 20 61 62 6f 75 74 | 20 63 6f 72 70 6f 72 61 |on about| corpora|
|00001120| 74 65 0a 70 72 6f 64 75 | 63 74 73 20 61 6e 64 20 |te.produ|cts and |
|00001130| 73 65 72 76 69 63 65 73 | 2c 20 66 69 6c 65 73 20 |services|, files |
|00001140| 74 6f 20 64 6f 77 6e 6c | 6f 61 64 2c 20 62 75 67 |to downl|oad, bug|
|00001150| 2d 66 69 78 65 73 2c 20 | 61 6e 64 20 73 6f 0a 66 |-fixes, |and so.f|
|00001160| 6f 72 74 68 2e 20 53 65 | 76 65 72 61 6c 20 6f 66 |orth. Se|veral of|
|00001170| 20 74 68 65 73 65 20 73 | 79 73 74 65 6d 73 20 68 | these s|ystems h|
|00001180| 61 76 65 20 62 65 63 6f | 6d 65 20 69 6d 70 6f 72 |ave beco|me impor|
|00001190| 74 61 6e 74 20 70 61 72 | 74 73 0a 6f 66 20 74 68 |tant par|ts.of th|
|000011a0| 65 20 49 6e 74 65 72 6e | 65 74 20 73 65 72 76 69 |e Intern|et servi|
|000011b0| 63 65 20 73 74 72 75 63 | 74 75 72 65 20 28 65 2e |ce struc|ture (e.|
|000011c0| 67 2e 3a 20 55 55 6e 65 | 74 2e 75 75 2e 6e 65 74 |g.: UUne|t.uu.net|
|000011d0| 2c 0a 67 61 74 65 6b 65 | 65 70 65 72 2e 64 65 63 |,.gateke|eper.dec|
|000011e0| 2e 63 6f 6d 29 20 61 6e | 64 20 68 61 76 65 20 72 |.com) an|d have r|
|000011f0| 65 66 6c 65 63 74 65 64 | 20 77 65 6c 6c 20 6f 6e |eflected| well on|
|00001200| 20 74 68 65 69 72 0a 63 | 6f 72 70 6f 72 61 74 65 | their.c|orporate|
|00001210| 20 73 70 6f 6e 73 6f 72 | 73 2e 0a 0a 2d 2d 2d 2d | sponsor|s...----|
|00001220| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001230| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 0a 0a 44 61 74 65 |--------|--..Date|
|00001240| 3a 20 54 68 75 20 4d 61 | 72 20 33 20 31 33 3a 32 |: Thu Ma|r 3 13:2|
|00001250| 34 3a 31 33 20 31 39 39 | 34 0a 46 72 6f 6d 3a 20 |4:13 199|4.From: |
|00001260| 46 77 61 6c 6c 73 2d 46 | 41 51 40 74 69 73 2e 63 |Fwalls-F|AQ@tis.c|
|00001270| 6f 6d 0a 53 75 62 6a 65 | 63 74 3a 20 33 3a 20 57 |om.Subje|ct: 3: W|
|00001280| 68 61 74 20 63 61 6e 20 | 61 20 66 69 72 65 77 61 |hat can |a firewa|
|00001290| 6c 6c 20 70 72 6f 74 65 | 63 74 20 61 67 61 69 6e |ll prote|ct again|
|000012a0| 73 74 3f 0a 0a 53 6f 6d | 65 20 66 69 72 65 77 61 |st?..Som|e firewa|
|000012b0| 6c 6c 73 20 70 65 72 6d | 69 74 20 6f 6e 6c 79 20 |lls perm|it only |
|000012c0| 45 6d 61 69 6c 20 74 72 | 61 66 66 69 63 20 74 68 |Email tr|affic th|
|000012d0| 72 6f 75 67 68 20 74 68 | 65 6d 2c 0a 74 68 65 72 |rough th|em,.ther|
|000012e0| 65 62 79 20 70 72 6f 74 | 65 63 74 69 6e 67 20 74 |eby prot|ecting t|
|000012f0| 68 65 20 6e 65 74 77 6f | 72 6b 20 61 67 61 69 6e |he netwo|rk again|
|00001300| 73 74 20 61 6e 79 20 61 | 74 74 61 63 6b 73 20 6f |st any a|ttacks o|
|00001310| 74 68 65 72 0a 74 68 61 | 6e 20 61 74 74 61 63 6b |ther.tha|n attack|
|00001320| 73 20 61 67 61 69 6e 73 | 74 20 74 68 65 20 45 6d |s agains|t the Em|
|00001330| 61 69 6c 20 73 65 72 76 | 69 63 65 2e 20 4f 74 68 |ail serv|ice. Oth|
|00001340| 65 72 20 66 69 72 65 77 | 61 6c 6c 73 0a 70 72 6f |er firew|alls.pro|
|00001350| 76 69 64 65 20 6c 65 73 | 73 20 73 74 72 69 63 74 |vide les|s strict|
|00001360| 20 70 72 6f 74 65 63 74 | 69 6f 6e 73 2c 20 61 6e | protect|ions, an|
|00001370| 64 20 62 6c 6f 63 6b 20 | 73 65 72 76 69 63 65 73 |d block |services|
|00001380| 20 74 68 61 74 20 61 72 | 65 0a 6b 6e 6f 77 6e 20 | that ar|e.known |
|00001390| 74 6f 20 62 65 20 70 72 | 6f 62 6c 65 6d 73 2e 0a |to be pr|oblems..|
|000013a0| 0a 47 65 6e 65 72 61 6c | 6c 79 2c 20 66 69 72 65 |.General|ly, fire|
|000013b0| 77 61 6c 6c 73 20 61 72 | 65 20 63 6f 6e 66 69 67 |walls ar|e config|
|000013c0| 75 72 65 64 20 74 6f 20 | 70 72 6f 74 65 63 74 20 |ured to |protect |
|000013d0| 61 67 61 69 6e 73 74 0a | 75 6e 61 75 74 68 65 6e |against.|unauthen|
|000013e0| 74 69 63 61 74 65 64 20 | 69 6e 74 65 72 61 63 74 |ticated |interact|
|000013f0| 69 76 65 20 6c 6f 67 69 | 6e 73 20 66 72 6f 6d 20 |ive logi|ns from |
|00001400| 74 68 65 20 22 6f 75 74 | 73 69 64 65 22 20 77 6f |the "out|side" wo|
|00001410| 72 6c 64 2e 0a 54 68 69 | 73 2c 20 6d 6f 72 65 20 |rld..Thi|s, more |
|00001420| 74 68 61 6e 20 61 6e 79 | 74 68 69 6e 67 2c 20 68 |than any|thing, h|
|00001430| 65 6c 70 73 20 70 72 65 | 76 65 6e 74 20 76 61 6e |elps pre|vent van|
|00001440| 64 61 6c 73 20 66 72 6f | 6d 20 6c 6f 67 67 69 6e |dals fro|m loggin|
|00001450| 67 0a 69 6e 74 6f 20 6d | 61 63 68 69 6e 65 73 20 |g.into m|achines |
|00001460| 6f 6e 20 79 6f 75 72 20 | 6e 65 74 77 6f 72 6b 2e |on your |network.|
|00001470| 20 4d 6f 72 65 20 65 6c | 61 62 6f 72 61 74 65 20 | More el|aborate |
|00001480| 66 69 72 65 77 61 6c 6c | 73 0a 62 6c 6f 63 6b 20 |firewall|s.block |
|00001490| 74 72 61 66 66 69 63 20 | 66 72 6f 6d 20 74 68 65 |traffic |from the|
|000014a0| 20 6f 75 74 73 69 64 65 | 20 74 6f 20 74 68 65 20 | outside| to the |
|000014b0| 69 6e 73 69 64 65 2c 20 | 62 75 74 20 70 65 72 6d |inside, |but perm|
|000014c0| 69 74 0a 75 73 65 72 73 | 20 6f 6e 20 74 68 65 20 |it.users| on the |
|000014d0| 69 6e 73 69 64 65 20 74 | 6f 20 63 6f 6d 6d 75 6e |inside t|o commun|
|000014e0| 69 63 61 74 65 20 66 72 | 65 65 6c 79 20 77 69 74 |icate fr|eely wit|
|000014f0| 68 20 74 68 65 20 6f 75 | 74 73 69 64 65 2e 0a 54 |h the ou|tside..T|
|00001500| 68 65 20 66 69 72 65 77 | 61 6c 6c 20 63 61 6e 20 |he firew|all can |
|00001510| 70 72 6f 74 65 63 74 20 | 79 6f 75 20 61 67 61 69 |protect |you agai|
|00001520| 6e 73 74 20 61 6e 79 20 | 74 79 70 65 20 6f 66 20 |nst any |type of |
|00001530| 6e 65 74 77 6f 72 6b 0a | 62 6f 72 6e 65 20 61 74 |network.|borne at|
|00001540| 74 61 63 6b 20 69 66 20 | 79 6f 75 20 75 6e 70 6c |tack if |you unpl|
|00001550| 75 67 20 69 74 2e 0a 0a | 46 69 72 65 77 61 6c 6c |ug it...|Firewall|
|00001560| 73 20 61 72 65 20 61 6c | 73 6f 20 69 6d 70 6f 72 |s are al|so impor|
|00001570| 74 61 6e 74 20 73 69 6e | 63 65 20 74 68 65 79 20 |tant sin|ce they |
|00001580| 63 61 6e 20 70 72 6f 76 | 69 64 65 20 61 20 73 69 |can prov|ide a si|
|00001590| 6e 67 6c 65 0a 22 63 68 | 6f 6b 65 20 70 6f 69 6e |ngle."ch|oke poin|
|000015a0| 74 22 20 77 68 65 72 65 | 20 73 65 63 75 72 69 74 |t" where| securit|
|000015b0| 79 20 61 6e 64 20 61 75 | 64 69 74 20 63 61 6e 20 |y and au|dit can |
|000015c0| 62 65 20 69 6d 70 6f 73 | 65 64 2e 0a 55 6e 6c 69 |be impos|ed..Unli|
|000015d0| 6b 65 20 69 6e 20 61 20 | 73 69 74 75 61 74 69 6f |ke in a |situatio|
|000015e0| 6e 20 77 68 65 72 65 20 | 61 20 63 6f 6d 70 75 74 |n where |a comput|
|000015f0| 65 72 20 73 79 73 74 65 | 6d 20 69 73 20 62 65 69 |er syste|m is bei|
|00001600| 6e 67 20 61 74 74 61 63 | 6b 65 64 0a 62 79 20 73 |ng attac|ked.by s|
|00001610| 6f 6d 65 6f 6e 65 20 64 | 69 61 6c 69 6e 67 20 69 |omeone d|ialing i|
|00001620| 6e 20 77 69 74 68 20 61 | 20 6d 6f 64 65 6d 2c 20 |n with a| modem, |
|00001630| 74 68 65 20 66 69 72 65 | 77 61 6c 6c 20 63 61 6e |the fire|wall can|
|00001640| 20 61 63 74 20 61 73 0a | 61 6e 20 65 66 66 65 63 | act as.|an effec|
|00001650| 74 69 76 65 20 22 70 68 | 6f 6e 65 20 74 61 70 22 |tive "ph|one tap"|
|00001660| 20 61 6e 64 20 74 72 61 | 63 69 6e 67 20 74 6f 6f | and tra|cing too|
|00001670| 6c 2e 0a 0a 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |l...----|--------|
|00001680| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001690| 2d 2d 0a 0a 44 61 74 65 | 3a 20 54 68 75 20 4d 61 |--..Date|: Thu Ma|
|000016a0| 72 20 33 20 31 34 3a 30 | 32 3a 30 37 20 31 39 39 |r 3 14:0|2:07 199|
|000016b0| 34 0a 46 72 6f 6d 3a 20 | 46 77 61 6c 6c 73 2d 46 |4.From: |Fwalls-F|
|000016c0| 41 51 40 74 69 73 2e 63 | 6f 6d 0a 53 75 62 6a 65 |AQ@tis.c|om.Subje|
|000016d0| 63 74 3a 20 34 3a 20 57 | 68 61 74 20 63 61 6e 27 |ct: 4: W|hat can'|
|000016e0| 74 20 61 20 66 69 72 65 | 77 61 6c 6c 20 70 72 6f |t a fire|wall pro|
|000016f0| 74 65 63 74 20 61 67 61 | 69 6e 73 74 3f 0a 0a 20 |tect aga|inst?.. |
|00001700| 20 20 20 20 20 20 20 46 | 69 72 65 77 61 6c 6c 73 |       F|irewalls|
|00001710| 20 63 61 6e 27 74 20 70 | 72 6f 74 65 63 74 20 61 | can't p|rotect a|
|00001720| 67 61 69 6e 73 74 20 61 | 74 74 61 63 6b 73 20 74 |gainst a|ttacks t|
|00001730| 68 61 74 20 64 6f 6e 27 | 74 0a 67 6f 20 74 68 72 |hat don'|t.go thr|
|00001740| 6f 75 67 68 20 74 68 65 | 20 66 69 72 65 77 61 6c |ough the| firewal|
|00001750| 6c 2e 20 4d 61 6e 79 20 | 63 6f 72 70 6f 72 61 74 |l. Many |corporat|
|00001760| 69 6f 6e 73 20 74 68 61 | 74 20 63 6f 6e 6e 65 63 |ions tha|t connec|
|00001770| 74 20 74 6f 0a 74 68 65 | 20 49 6e 74 65 72 6e 65 |t to.the| Interne|
|00001780| 74 20 61 72 65 20 76 65 | 72 79 20 63 6f 6e 63 65 |t are ve|ry conce|
|00001790| 72 6e 65 64 20 61 62 6f | 75 74 20 70 72 6f 70 72 |rned abo|ut propr|
|000017a0| 69 65 74 61 72 79 20 64 | 61 74 61 0a 6c 65 61 6b |ietary d|ata.leak|
|000017b0| 69 6e 67 20 6f 75 74 20 | 6f 66 20 74 68 65 20 63 |ing out |of the c|
|000017c0| 6f 6d 70 61 6e 79 20 74 | 68 72 6f 75 67 68 20 74 |ompany t|hrough t|
|000017d0| 68 61 74 20 72 6f 75 74 | 65 2e 20 55 6e 66 6f 72 |hat rout|e. Unfor|
|000017e0| 74 75 6e 61 74 65 6c 79 | 0a 66 6f 72 20 74 68 6f |tunately|.for tho|
|000017f0| 73 65 20 63 6f 6e 63 65 | 72 6e 65 64 2c 20 61 20 |se conce|rned, a |
|00001800| 6d 61 67 6e 65 74 69 63 | 20 74 61 70 65 20 63 61 |magnetic| tape ca|
|00001810| 6e 20 6a 75 73 74 20 61 | 73 20 65 66 66 65 63 74 |n just a|s effect|
|00001820| 69 76 65 6c 79 0a 62 65 | 20 75 73 65 64 20 74 6f |ively.be| used to|
|00001830| 20 65 78 70 6f 72 74 20 | 64 61 74 61 2e 20 46 69 | export |data. Fi|
|00001840| 72 65 77 61 6c 6c 20 70 | 6f 6c 69 63 69 65 73 20 |rewall p|olicies |
|00001850| 6d 75 73 74 20 62 65 20 | 72 65 61 6c 69 73 74 69 |must be |realisti|
|00001860| 63 2c 0a 61 6e 64 20 72 | 65 66 6c 65 63 74 20 74 |c,.and r|eflect t|
|00001870| 68 65 20 6c 65 76 65 6c | 20 6f 66 20 73 65 63 75 |he level| of secu|
|00001880| 72 69 74 79 20 69 6e 20 | 74 68 65 20 65 6e 74 69 |rity in |the enti|
|00001890| 72 65 20 6e 65 74 77 6f | 72 6b 2e 20 46 6f 72 0a |re netwo|rk. For.|
|000018a0| 65 78 61 6d 70 6c 65 2c | 20 61 20 73 69 74 65 20 |example,| a site |
|000018b0| 77 69 74 68 20 74 6f 70 | 20 73 65 63 72 65 74 20 |with top| secret |
|000018c0| 6f 72 20 63 6c 61 73 73 | 69 66 69 65 64 20 64 61 |or class|ified da|
|000018d0| 74 61 20 64 6f 65 73 6e | 27 74 0a 6e 65 65 64 20 |ta doesn|'t.need |
|000018e0| 61 20 66 69 72 65 77 61 | 6c 6c 20 61 74 20 61 6c |a firewa|ll at al|
|000018f0| 6c 3a 20 74 68 65 79 20 | 73 68 6f 75 6c 64 6e 27 |l: they |shouldn'|
|00001900| 74 20 62 65 20 68 6f 6f | 6b 69 6e 67 20 75 70 20 |t be hoo|king up |
|00001910| 74 6f 20 74 68 65 0a 69 | 6e 74 65 72 6e 65 74 20 |to the.i|nternet |
|00001920| 69 6e 20 74 68 65 20 66 | 69 72 73 74 20 70 6c 61 |in the f|irst pla|
|00001930| 63 65 2c 20 6f 72 20 74 | 68 65 20 73 79 73 74 65 |ce, or t|he syste|
|00001940| 6d 73 20 77 69 74 68 20 | 74 68 65 20 72 65 61 6c |ms with |the real|
|00001950| 6c 79 0a 73 65 63 72 65 | 74 20 64 61 74 61 20 73 |ly.secre|t data s|
|00001960| 68 6f 75 6c 64 20 62 65 | 20 69 73 6f 6c 61 74 65 |hould be| isolate|
|00001970| 64 20 66 72 6f 6d 20 74 | 68 65 20 72 65 73 74 20 |d from t|he rest |
|00001980| 6f 66 20 74 68 65 0a 63 | 6f 72 70 6f 72 61 74 65 |of the.c|orporate|
|00001990| 20 6e 65 74 77 6f 72 6b | 2e 0a 0a 20 20 20 20 20 | network|...     |
|000019a0| 20 20 20 20 20 20 20 46 | 69 72 65 77 61 6c 6c 73 |       F|irewalls|
|000019b0| 20 63 61 6e 27 74 20 70 | 72 6f 74 65 63 74 20 76 | can't p|rotect v|
|000019c0| 65 72 79 20 77 65 6c 6c | 20 61 67 61 69 6e 73 74 |ery well| against|
|000019d0| 20 74 68 69 6e 67 73 0a | 6c 69 6b 65 20 76 69 72 | things.|like vir|
|000019e0| 75 73 65 73 2e 20 54 68 | 65 72 65 20 61 72 65 20 |uses. Th|ere are |
|000019f0| 74 6f 6f 20 6d 61 6e 79 | 20 77 61 79 73 20 6f 66 |too many| ways of|
|00001a00| 20 65 6e 63 6f 64 69 6e | 67 20 62 69 6e 61 72 79 | encodin|g binary|
|00001a10| 0a 66 69 6c 65 73 20 66 | 6f 72 20 74 72 61 6e 73 |.files f|or trans|
|00001a20| 66 65 72 20 6f 76 65 72 | 20 6e 65 74 77 6f 72 6b |fer over| network|
|00001a30| 73 2c 20 61 6e 64 20 74 | 6f 6f 20 6d 61 6e 79 20 |s, and t|oo many |
|00001a40| 64 69 66 66 65 72 65 6e | 74 0a 61 72 63 68 69 74 |differen|t.archit|
|00001a50| 65 63 74 75 72 65 73 20 | 61 6e 64 20 76 69 72 75 |ectures |and viru|
|00001a60| 73 65 73 20 74 6f 20 74 | 72 79 20 74 6f 20 73 65 |ses to t|ry to se|
|00001a70| 61 72 63 68 20 66 6f 72 | 20 74 68 65 6d 20 61 6c |arch for| them al|
|00001a80| 6c 2e 0a 49 6e 20 6f 74 | 68 65 72 20 77 6f 72 64 |l..In ot|her word|
|00001a90| 73 2c 20 61 20 66 69 72 | 65 77 61 6c 6c 20 63 61 |s, a fir|ewall ca|
|00001aa0| 6e 6e 6f 74 20 72 65 70 | 6c 61 63 65 20 73 65 63 |nnot rep|lace sec|
|00001ab0| 75 72 69 74 79 2d 0a 63 | 6f 6e 73 63 69 6f 75 73 |urity-.c|onscious|
|00001ac0| 6e 65 73 73 20 6f 6e 20 | 74 68 65 20 70 61 72 74 |ness on |the part|
|00001ad0| 20 6f 66 20 79 6f 75 72 | 20 75 73 65 72 73 2e 20 | of your| users. |
|00001ae0| 49 6e 20 67 65 6e 65 72 | 61 6c 2c 20 61 20 66 69 |In gener|al, a fi|
|00001af0| 72 65 77 61 6c 6c 0a 63 | 61 6e 6e 6f 74 20 70 72 |rewall.c|annot pr|
|00001b00| 6f 74 65 63 74 20 61 67 | 61 69 6e 73 74 20 61 20 |otect ag|ainst a |
|00001b10| 64 61 74 61 2d 64 72 69 | 76 65 6e 20 61 74 74 61 |data-dri|ven atta|
|00001b20| 63 6b 20 2d 2d 20 61 74 | 74 61 63 6b 73 20 69 6e |ck -- at|tacks in|
|00001b30| 20 77 68 69 63 68 0a 73 | 6f 6d 65 74 68 69 6e 67 | which.s|omething|
|00001b40| 20 69 73 20 6d 61 69 6c | 65 64 20 6f 72 20 63 6f | is mail|ed or co|
|00001b50| 70 69 65 64 20 74 6f 20 | 61 6e 20 69 6e 74 65 72 |pied to |an inter|
|00001b60| 6e 61 6c 20 68 6f 73 74 | 20 77 68 65 72 65 20 69 |nal host| where i|
|00001b70| 74 20 69 73 0a 74 68 65 | 6e 20 65 78 65 63 75 74 |t is.the|n execut|
|00001b80| 65 64 2e 20 54 68 69 73 | 20 66 6f 72 6d 20 6f 66 |ed. This| form of|
|00001b90| 20 61 74 74 61 63 6b 20 | 68 61 73 20 6f 63 63 75 | attack |has occu|
|00001ba0| 72 72 65 64 20 69 6e 20 | 74 68 65 20 70 61 73 74 |rred in |the past|
|00001bb0| 0a 61 67 61 69 6e 73 74 | 20 76 61 72 69 6f 75 73 |.against| various|
|00001bc0| 20 76 65 72 73 69 6f 6e | 73 20 6f 66 20 53 65 6e | version|s of Sen|
|00001bd0| 64 6d 61 69 6c 2e 0a 0a | 2d 2d 2d 2d 2d 2d 2d 2d |dmail...|--------|
|00001be0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001bf0| 2d 2d 2d 2d 2d 2d 0a 0a | 44 61 74 65 3a 20 54 68 |------..|Date: Th|
|00001c00| 75 20 4d 61 72 20 32 34 | 20 31 33 3a 34 36 3a 33 |u Mar 24| 13:46:3|
|00001c10| 32 20 31 39 39 34 0a 46 | 72 6f 6d 3a 20 46 77 61 |2 1994.F|rom: Fwa|
|00001c20| 6c 6c 73 2d 46 41 51 40 | 74 69 73 2e 63 6f 6d 0a |lls-FAQ@|tis.com.|
|00001c30| 53 75 62 6a 65 63 74 3a | 20 35 3a 20 57 68 61 74 |Subject:| 5: What|
|00001c40| 20 61 72 65 20 67 6f 6f | 64 20 73 6f 75 72 63 65 | are goo|d source|
|00001c50| 73 20 6f 66 20 70 72 69 | 6e 74 20 69 6e 66 6f 72 |s of pri|nt infor|
|00001c60| 6d 61 74 69 6f 6e 20 6f | 6e 20 66 69 72 65 77 61 |mation o|n firewa|
|00001c70| 6c 6c 73 3f 0a 0a 54 68 | 65 72 65 20 61 72 65 20 |lls?..Th|ere are |
|00001c80| 73 65 76 65 72 61 6c 20 | 62 6f 6f 6b 73 20 74 68 |several |books th|
|00001c90| 61 74 20 74 6f 75 63 68 | 20 6f 6e 20 66 69 72 65 |at touch| on fire|
|00001ca0| 77 61 6c 6c 73 2e 20 54 | 68 65 20 62 65 73 74 0a |walls. T|he best.|
|00001cb0| 6b 6e 6f 77 6e 20 61 72 | 65 3a 0a 0a 43 68 65 73 |known ar|e:..Ches|
|00001cc0| 77 69 63 6b 20 61 6e 64 | 20 42 65 6c 6c 6f 76 69 |wick and| Bellovi|
|00001cd0| 6e 2c 20 22 46 69 72 65 | 77 61 6c 6c 73 20 61 6e |n, "Fire|walls an|
|00001ce0| 64 20 49 6e 74 65 72 6e | 65 74 20 53 65 63 75 72 |d Intern|et Secur|
|00001cf0| 69 74 79 3a 0a 52 65 70 | 65 6c 6c 69 6e 67 20 74 |ity:.Rep|elling t|
|00001d00| 68 65 20 57 69 6c 79 20 | 48 61 63 6b 65 72 22 20 |he Wily |Hacker" |
|00001d10| 20 41 64 64 69 73 6f 6e | 2d 57 65 73 6c 65 79 2c | Addison|-Wesley,|
|00001d20| 20 3f 3f 2c 20 31 39 39 | 34 0a 0a 47 61 72 66 69 | ??, 199|4..Garfi|
|00001d30| 6e 6b 65 6c 20 20 61 6e | 64 20 53 70 61 66 66 6f |nkel  an|d Spaffo|
|00001d40| 72 64 2c 20 22 50 72 61 | 63 74 69 63 61 6c 20 55 |rd, "Pra|ctical U|
|00001d50| 4e 49 58 20 53 65 63 75 | 72 69 74 79 22 20 20 4f |NIX Secu|rity"  O|
|00001d60| 27 52 65 69 6c 6c 79 0a | 61 6e 64 20 61 73 73 6f |'Reilly.|and asso|
|00001d70| 63 69 61 74 65 73 20 28 | 64 69 73 63 75 73 73 65 |ciates (|discusse|
|00001d80| 73 20 70 72 69 6d 61 72 | 69 6c 79 20 68 6f 73 74 |s primar|ily host|
|00001d90| 20 73 65 63 75 72 69 74 | 79 29 0a 0a 52 65 6c 61 | securit|y)..Rela|
|00001da0| 74 65 64 20 72 65 66 65 | 72 65 6e 63 65 73 20 61 |ted refe|rences a|
|00001db0| 72 65 3a 0a 0a 43 6f 6d | 65 72 20 61 6e 64 20 53 |re:..Com|er and S|
|00001dc0| 74 65 76 65 6e 73 2c 20 | 22 49 6e 74 65 72 6e 65 |tevens, |"Interne|
|00001dd0| 74 77 6f 72 6b 69 6e 67 | 20 77 69 74 68 20 54 43 |tworking| with TC|
|00001de0| 50 2f 49 50 22 20 50 72 | 65 6e 74 69 63 65 20 48 |P/IP" Pr|entice H|
|00001df0| 61 6c 6c 2c 20 31 39 39 | 31 0a 0a 43 75 72 72 79 |all, 199|1..Curry|
|00001e00| 2c 20 22 55 4e 49 58 20 | 53 79 73 74 65 6d 20 53 |, "UNIX |System S|
|00001e10| 65 63 75 72 69 74 79 22 | 20 41 64 64 69 73 6f 6e |ecurity"| Addison|
|00001e20| 20 57 65 73 6c 65 79 2c | 20 31 39 39 32 0a 0a 2d | Wesley,| 1992..-|
|00001e30| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00001e40| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 0a 0a 44 |--------|-----..D|
|00001e50| 61 74 65 3a 20 54 68 75 | 20 4d 61 72 20 33 20 31 |ate: Thu| Mar 3 1|
|00001e60| 33 3a 34 38 3a 31 34 20 | 31 39 39 34 0a 46 72 6f |3:48:14 |1994.Fro|
|00001e70| 6d 3a 20 46 77 61 6c 6c | 73 2d 46 41 51 40 74 69 |m: Fwall|s-FAQ@ti|
|00001e80| 73 2e 63 6f 6d 0a 53 75 | 62 6a 65 63 74 3a 20 36 |s.com.Su|bject: 6|
|00001e90| 3a 20 57 68 65 72 65 20 | 63 61 6e 20 49 20 67 65 |: Where |can I ge|
|00001ea0| 74 20 6d 6f 72 65 20 69 | 6e 66 6f 72 6d 61 74 69 |t more i|nformati|
|00001eb0| 6f 6e 20 6f 6e 20 66 69 | 72 65 77 61 6c 6c 73 20 |on on fi|rewalls |
|00001ec0| 6f 6e 20 74 68 65 20 6e | 65 74 77 6f 72 6b 3f 0a |on the n|etwork?.|
|00001ed0| 0a 46 74 70 2e 67 72 65 | 61 74 63 69 72 63 6c 65 |.Ftp.gre|atcircle|
|00001ee0| 2e 63 6f 6d 20 2d 20 46 | 69 72 65 77 61 6c 6c 73 |.com - F|irewalls|
|00001ef0| 20 6d 61 69 6c 69 6e 67 | 20 6c 69 73 74 20 61 72 | mailing| list ar|
|00001f00| 63 68 69 76 65 73 2e 0a | 09 09 44 69 72 65 63 74 |chives..|..Direct|
|00001f10| 6f 72 79 3a 20 70 75 62 | 2f 66 69 72 65 77 61 6c |ory: pub|/firewal|
|00001f20| 6c 73 0a 0a 46 74 70 2e | 74 69 73 2e 63 6f 6d 20 |ls..Ftp.|tis.com |
|00001f30| 2d 20 49 6e 74 65 72 6e | 65 74 20 66 69 72 65 77 |- Intern|et firew|
|00001f40| 61 6c 6c 20 74 6f 6f 6c | 6b 69 74 20 61 6e 64 20 |all tool|kit and |
|00001f50| 70 61 70 65 72 73 2e 0a | 09 09 44 69 72 65 63 74 |papers..|..Direct|
|00001f60| 6f 72 79 3a 20 70 75 62 | 2f 66 69 72 65 77 61 6c |ory: pub|/firewal|
|00001f70| 6c 73 0a 0a 52 65 73 65 | 61 72 63 68 2e 61 74 74 |ls..Rese|arch.att|
|00001f80| 2e 63 6f 6d 20 2d 20 50 | 61 70 65 72 73 20 6f 6e |.com - P|apers on|
|00001f90| 20 66 69 72 65 77 61 6c | 6c 73 20 61 6e 64 20 62 | firewal|ls and b|
|00001fa0| 72 65 61 6b 69 6e 73 2e | 0a 09 09 44 69 72 65 63 |reakins.|...Direc|
|00001fb0| 74 6f 72 79 3a 20 64 69 | 73 74 2f 69 6e 74 65 72 |tory: di|st/inter|
|00001fc0| 6e 65 74 5f 73 65 63 75 | 72 69 74 79 0a 0a 4e 65 |net_secu|rity..Ne|
|00001fd0| 74 2e 54 61 6d 75 2e 65 | 64 75 20 2d 20 54 65 78 |t.Tamu.e|du - Tex|
|00001fe0| 61 73 20 41 4d 55 20 73 | 65 63 75 72 69 74 79 20 |as AMU s|ecurity |
|00001ff0| 74 6f 6f 6c 73 2e 0a 09 | 09 44 69 72 65 63 74 6f |tools...|.Directo|
|00002000| 72 79 3a 20 70 75 62 2f | 73 65 63 75 72 69 74 79 |ry: pub/|security|
|00002010| 2f 54 41 4d 55 0a 0a 09 | 54 68 65 20 69 6e 74 65 |/TAMU...|The inte|
|00002020| 72 6e 65 74 20 66 69 72 | 65 77 61 6c 6c 73 20 6d |rnet fir|ewalls m|
|00002030| 61 69 6c 69 6e 67 20 6c | 69 73 74 20 69 73 20 61 |ailing l|ist is a|
|00002040| 20 66 6f 72 75 6d 20 66 | 6f 72 20 66 69 72 65 77 | forum f|or firew|
|00002050| 61 6c 6c 0a 61 64 6d 69 | 6e 69 73 74 72 61 74 6f |all.admi|nistrato|
|00002060| 72 73 20 61 6e 64 20 69 | 6d 70 6c 65 6d 65 6e 74 |rs and i|mplement|
|00002070| 6f 72 73 2e 20 54 6f 20 | 73 75 62 73 63 72 69 62 |ors. To |subscrib|
|00002080| 65 20 74 6f 20 46 69 72 | 65 77 61 6c 6c 73 2c 20 |e to Fir|ewalls, |
|00002090| 73 65 6e 64 0a 22 73 75 | 62 73 63 72 69 62 65 20 |send."su|bscribe |
|000020a0| 66 69 72 65 77 61 6c 6c | 73 22 0a 69 6e 20 74 68 |firewall|s".in th|
|000020b0| 65 20 62 6f 64 79 20 6f | 66 20 61 20 6d 65 73 73 |e body o|f a mess|
|000020c0| 61 67 65 20 28 6e 6f 74 | 20 6f 6e 20 74 68 65 20 |age (not| on the |
|000020d0| 22 53 75 62 6a 65 63 74 | 3a 22 20 6c 69 6e 65 29 |"Subject|:" line)|
|000020e0| 20 74 6f 0a 22 4d 61 6a | 6f 72 64 6f 6d 6f 40 47 | to."Maj|ordomo@G|
|000020f0| 72 65 61 74 43 69 72 63 | 6c 65 2e 43 4f 4d 22 2e |reatCirc|le.COM".|
|00002100| 20 41 72 63 68 69 76 65 | 73 20 6f 66 20 70 61 73 | Archive|s of pas|
|00002110| 74 20 46 69 72 65 77 61 | 6c 6c 73 20 70 6f 73 74 |t Firewa|lls post|
|00002120| 69 6e 67 73 20 61 72 65 | 0a 61 76 61 69 6c 61 62 |ings are|.availab|
|00002130| 6c 65 20 66 6f 72 20 61 | 6e 6f 6e 79 6d 6f 75 73 |le for a|nonymous|
|00002140| 20 46 54 50 20 66 72 6f | 6d 20 66 74 70 2e 67 72 | FTP fro|m ftp.gr|
|00002150| 65 61 74 63 69 72 63 6c | 65 2e 63 6f 6d 20 69 6e |eatcircl|e.com in|
|00002160| 20 70 75 62 2f 66 69 72 | 65 77 61 6c 6c 73 2f 61 | pub/fir|ewalls/a|
|00002170| 72 63 68 69 76 65 0a 0a | 2d 2d 2d 2d 2d 2d 2d 2d |rchive..|--------|
|00002180| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00002190| 2d 2d 2d 2d 2d 2d 0a 0a | 44 61 74 65 3a 20 54 68 |------..|Date: Th|
|000021a0| 75 20 4d 61 72 20 33 20 | 31 32 3a 33 38 3a 31 30 |u Mar 3 |12:38:10|
|000021b0| 20 31 39 39 34 0a 46 72 | 6f 6d 3a 20 46 77 61 6c | 1994.Fr|om: Fwal|
|000021c0| 6c 73 2d 46 41 51 40 74 | 69 73 2e 63 6f 6d 0a 53 |ls-FAQ@t|is.com.S|
|000021d0| 75 62 6a 65 63 74 3a 20 | 37 3a 20 57 68 61 74 20 |ubject: |7: What |
|000021e0| 61 72 65 20 73 6f 6d 65 | 20 63 6f 6d 6d 65 72 63 |are some| commerc|
|000021f0| 69 61 6c 20 70 72 6f 64 | 75 63 74 73 20 6f 72 20 |ial prod|ucts or |
|00002200| 63 6f 6e 73 75 6c 74 61 | 6e 74 73 20 77 68 6f 20 |consulta|nts who |
|00002210| 73 65 6c 6c 2f 73 65 72 | 76 69 63 65 20 66 69 72 |sell/ser|vice fir|
|00002220| 65 77 61 6c 6c 73 3f 0a | 0a 57 65 20 66 65 65 6c |ewalls?.|.We feel|
|00002230| 20 74 68 69 73 20 74 6f | 70 69 63 20 69 73 20 74 | this to|pic is t|
|00002240| 6f 6f 20 73 65 6e 73 69 | 74 69 76 65 20 74 6f 20 |oo sensi|tive to |
|00002250| 61 64 64 72 65 73 73 20 | 69 6e 20 61 20 46 41 51 |address |in a FAQ|
|00002260| 2c 20 61 73 0a 77 65 6c | 6c 20 61 73 20 62 65 69 |, as.wel|l as bei|
|00002270| 6e 67 20 64 69 66 66 69 | 63 75 6c 74 20 74 6f 20 |ng diffi|cult to |
|00002280| 6d 61 69 6e 74 61 69 6e | 20 61 6e 20 75 70 2d 74 |maintain| an up-t|
|00002290| 6f 2d 64 61 74 65 20 6c | 69 73 74 2e 0a 0a 0a 2d |o-date l|ist....-|
|000022a0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000022b0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 0a 0a 44 |--------|-----..D|
|000022c0| 61 74 65 3a 20 54 68 75 | 20 4d 61 72 20 33 20 31 |ate: Thu| Mar 3 1|
|000022d0| 32 3a 33 38 3a 33 31 20 | 31 39 39 34 0a 46 72 6f |2:38:31 |1994.Fro|
|000022e0| 6d 3a 20 46 77 61 6c 6c | 73 2d 46 41 51 40 74 69 |m: Fwall|s-FAQ@ti|
|000022f0| 73 2e 63 6f 6d 0a 53 75 | 62 6a 65 63 74 3a 20 38 |s.com.Su|bject: 8|
|00002300| 3a 20 57 68 61 74 20 61 | 72 65 20 73 6f 6d 65 20 |: What a|re some |
|00002310| 6f 66 20 74 68 65 20 62 | 61 73 69 63 20 64 65 73 |of the b|asic des|
|00002320| 69 67 6e 20 64 65 63 69 | 73 69 6f 6e 73 20 69 6e |ign deci|sions in|
|00002330| 20 61 20 66 69 72 65 77 | 61 6c 6c 3f 0a 0a 54 68 | a firew|all?..Th|
|00002340| 65 72 65 20 61 72 65 20 | 61 20 6e 75 6d 62 65 72 |ere are |a number|
|00002350| 20 6f 66 20 62 61 73 69 | 63 20 64 65 73 69 67 6e | of basi|c design|
|00002360| 20 69 73 73 75 65 73 20 | 74 68 61 74 20 73 68 6f | issues |that sho|
|00002370| 75 6c 64 20 62 65 0a 61 | 64 64 72 65 73 73 65 64 |uld be.a|ddressed|
|00002380| 20 62 79 20 74 68 65 20 | 6c 75 63 6b 79 20 70 65 | by the |lucky pe|
|00002390| 72 73 6f 6e 20 77 68 6f | 20 68 61 73 20 62 65 65 |rson who| has bee|
|000023a0| 6e 20 74 61 73 6b 65 64 | 20 77 69 74 68 20 74 68 |n tasked| with th|
|000023b0| 65 0a 72 65 73 70 6f 6e | 73 69 62 69 6c 69 74 79 |e.respon|sibility|
|000023c0| 20 6f 66 20 64 65 73 69 | 67 6e 69 6e 67 2c 20 73 | of desi|gning, s|
|000023d0| 70 65 63 69 66 79 69 6e | 67 2c 20 61 6e 64 20 69 |pecifyin|g, and i|
|000023e0| 6d 70 6c 65 6d 65 6e 74 | 69 6e 67 20 6f 72 0a 6f |mplement|ing or.o|
|000023f0| 76 65 72 73 65 65 69 6e | 67 20 74 68 65 20 69 6e |verseein|g the in|
|00002400| 73 74 61 6c 6c 61 74 69 | 6f 6e 20 6f 66 20 61 20 |stallati|on of a |
|00002410| 66 69 72 65 77 61 6c 6c | 2e 0a 0a 54 68 65 20 66 |firewall|...The f|
|00002420| 69 72 73 74 20 61 6e 64 | 20 6d 6f 73 74 20 69 6d |irst and| most im|
|00002430| 70 6f 72 74 61 6e 74 20 | 69 73 20 72 65 66 6c 65 |portant |is refle|
|00002440| 63 74 73 20 74 68 65 20 | 70 6f 6c 69 63 79 20 6f |cts the |policy o|
|00002450| 66 20 68 6f 77 0a 79 6f | 75 72 20 63 6f 6d 70 61 |f how.yo|ur compa|
|00002460| 6e 79 20 6f 72 20 6f 72 | 67 61 6e 69 7a 61 74 69 |ny or or|ganizati|
|00002470| 6f 6e 20 77 61 6e 74 73 | 20 74 6f 20 6f 70 65 72 |on wants| to oper|
|00002480| 61 74 65 20 74 68 65 20 | 73 79 73 74 65 6d 3a 20 |ate the |system: |
|00002490| 69 73 0a 74 68 65 20 66 | 69 72 65 77 61 6c 6c 20 |is.the f|irewall |
|000024a0| 69 6e 20 70 6c 61 63 65 | 20 74 6f 20 65 78 70 6c |in place| to expl|
|000024b0| 69 63 69 74 6c 79 20 64 | 65 6e 79 20 61 6c 6c 20 |icitly d|eny all |
|000024c0| 73 65 72 76 69 63 65 73 | 20 65 78 63 65 70 74 0a |services| except.|
|000024d0| 74 68 6f 73 65 20 63 72 | 69 74 69 63 61 6c 20 74 |those cr|itical t|
|000024e0| 6f 20 74 68 65 20 6d 69 | 73 73 69 6f 6e 20 6f 66 |o the mi|ssion of|
|000024f0| 20 63 6f 6e 6e 65 63 74 | 69 6e 67 20 74 6f 20 74 | connect|ing to t|
|00002500| 68 65 20 6e 65 74 2c 20 | 6f 72 0a 69 73 20 74 68 |he net, |or.is th|
|00002510| 65 20 66 69 72 65 77 61 | 6c 6c 20 69 6e 20 70 6c |e firewa|ll in pl|
|00002520| 61 63 65 20 74 6f 20 70 | 72 6f 76 69 64 65 20 61 |ace to p|rovide a|
|00002530| 20 6d 65 74 65 72 65 64 | 20 61 6e 64 20 61 75 64 | metered| and aud|
|00002540| 69 74 65 64 0a 6d 65 74 | 68 6f 64 20 6f 66 20 22 |ited.met|hod of "|
|00002550| 71 75 65 75 69 6e 67 22 | 20 61 63 63 65 73 73 20 |queuing"| access |
|00002560| 69 6e 20 61 20 6e 6f 6e | 2d 74 68 72 65 61 74 65 |in a non|-threate|
|00002570| 6e 69 6e 67 20 6d 61 6e | 6e 65 72 2e 0a 54 68 65 |ning man|ner..The|
|00002580| 72 65 20 61 72 65 20 64 | 65 67 72 65 65 73 20 6f |re are d|egrees o|
|00002590| 66 20 70 61 72 61 6e 6f | 69 61 20 62 65 74 77 65 |f parano|ia betwe|
|000025a0| 65 6e 20 74 68 65 73 65 | 20 70 6f 73 69 74 69 6f |en these| positio|
|000025b0| 6e 73 3b 20 74 68 65 0a | 66 69 6e 61 6c 20 73 74 |ns; the.|final st|
|000025c0| 61 6e 63 65 20 6f 66 20 | 79 6f 75 72 20 66 69 72 |ance of |your fir|
|000025d0| 65 77 61 6c 6c 20 6d 61 | 79 20 62 65 20 6d 6f 72 |ewall ma|y be mor|
|000025e0| 65 20 74 68 65 20 72 65 | 73 75 6c 74 20 6f 66 20 |e the re|sult of |
|000025f0| 61 0a 70 6f 6c 69 74 69 | 63 61 6c 20 74 68 61 6e |a.politi|cal than|
|00002600| 20 61 6e 20 65 6e 67 69 | 6e 65 65 72 69 6e 67 20 | an engi|neering |
|00002610| 64 65 63 69 73 69 6f 6e | 2e 0a 0a 54 68 65 20 73 |decision|...The s|
|00002620| 65 63 6f 6e 64 20 69 73 | 3a 20 77 68 61 74 20 6c |econd is|: what l|
|00002630| 65 76 65 6c 20 6f 66 20 | 6d 6f 6e 69 74 6f 72 69 |evel of |monitori|
|00002640| 6e 67 2c 20 72 65 64 75 | 6e 64 61 6e 63 79 2c 20 |ng, redu|ndancy, |
|00002650| 61 6e 64 0a 63 6f 6e 74 | 72 6f 6c 20 64 6f 20 79 |and.cont|rol do y|
|00002660| 6f 75 20 77 61 6e 74 3f | 20 48 61 76 69 6e 67 20 |ou want?| Having |
|00002670| 65 73 74 61 62 6c 69 73 | 68 65 64 20 74 68 65 20 |establis|hed the |
|00002680| 61 63 63 65 70 74 61 62 | 6c 65 20 72 69 73 6b 0a |acceptab|le risk.|
|00002690| 6c 65 76 65 6c 20 28 65 | 2e 67 2e 3a 20 68 6f 77 |level (e|.g.: how|
|000026a0| 20 70 61 72 61 6e 6f 69 | 64 20 79 6f 75 20 61 72 | paranoi|d you ar|
|000026b0| 65 29 20 62 79 20 72 65 | 73 6f 6c 76 69 6e 67 20 |e) by re|solving |
|000026c0| 74 68 65 20 66 69 72 73 | 74 0a 69 73 73 75 65 2c |the firs|t.issue,|
|000026d0| 20 79 6f 75 20 63 61 6e | 20 66 6f 72 6d 20 61 20 | you can| form a |
|000026e0| 63 68 65 63 6b 6c 69 73 | 74 20 6f 66 20 77 68 61 |checklis|t of wha|
|000026f0| 74 20 73 68 6f 75 6c 64 | 20 62 65 20 6d 6f 6e 69 |t should| be moni|
|00002700| 74 6f 72 65 64 2c 0a 70 | 65 72 6d 69 74 74 65 64 |tored,.p|ermitted|
|00002710| 2c 20 61 6e 64 20 64 65 | 6e 69 65 64 2e 20 49 6e |, and de|nied. In|
|00002720| 20 6f 74 68 65 72 20 77 | 6f 72 64 73 2c 20 79 6f | other w|ords, yo|
|00002730| 75 20 73 74 61 72 74 20 | 62 79 20 66 69 67 75 72 |u start |by figur|
|00002740| 69 6e 67 0a 6f 75 74 20 | 79 6f 75 72 20 6f 76 65 |ing.out |your ove|
|00002750| 72 61 6c 6c 20 6f 62 6a | 65 63 74 69 76 65 73 2c |rall obj|ectives,|
|00002760| 20 61 6e 64 20 74 68 65 | 6e 20 63 6f 6d 62 69 6e | and the|n combin|
|00002770| 65 20 61 20 6e 65 65 64 | 73 0a 61 6e 61 6c 79 73 |e a need|s.analys|
|00002780| 69 73 20 77 69 74 68 20 | 61 20 72 69 73 6b 20 61 |is with |a risk a|
|00002790| 73 73 65 73 73 6d 65 6e | 74 2c 20 61 6e 64 20 73 |ssessmen|t, and s|
|000027a0| 6f 72 74 20 74 68 65 20 | 61 6c 6d 6f 73 74 20 61 |ort the |almost a|
|000027b0| 6c 77 61 79 73 0a 63 6f | 6e 66 6c 69 63 74 69 6e |lways.co|nflictin|
|000027c0| 67 20 72 65 71 75 69 72 | 65 6d 65 6e 74 73 20 6f |g requir|ements o|
|000027d0| 75 74 20 69 6e 74 6f 20 | 61 20 6c 61 75 6e 64 72 |ut into |a laundr|
|000027e0| 79 20 6c 69 73 74 20 74 | 68 61 74 0a 73 70 65 63 |y list t|hat.spec|
|000027f0| 69 66 69 65 73 20 77 68 | 61 74 20 79 6f 75 20 70 |ifies wh|at you p|
|00002800| 6c 61 6e 20 74 6f 20 69 | 6d 70 6c 65 6d 65 6e 74 |lan to i|mplement|
|00002810| 2e 0a 0a 54 68 65 20 74 | 68 69 72 64 20 69 73 73 |...The t|hird iss|
|00002820| 75 65 20 69 73 20 66 69 | 6e 61 6e 63 69 61 6c 2e |ue is fi|nancial.|
|00002830| 20 57 65 20 63 61 6e 27 | 74 20 61 64 64 72 65 73 | We can'|t addres|
|00002840| 73 20 74 68 69 73 20 6f | 6e 65 20 68 65 72 65 0a |s this o|ne here.|
|00002850| 69 6e 20 61 6e 79 74 68 | 69 6e 67 20 62 75 74 20 |in anyth|ing but |
|00002860| 76 61 67 75 65 20 74 65 | 72 6d 73 2c 20 62 75 74 |vague te|rms, but|
|00002870| 20 69 74 27 73 20 69 6d | 70 6f 72 74 61 6e 74 20 | it's im|portant |
|00002880| 74 6f 20 74 72 79 20 74 | 6f 0a 71 75 61 6e 74 69 |to try t|o.quanti|
|00002890| 66 79 20 61 6e 79 20 70 | 72 6f 70 6f 73 65 64 20 |fy any p|roposed |
|000028a0| 73 6f 6c 75 74 69 6f 6e | 73 20 69 6e 20 74 65 72 |solution|s in ter|
|000028b0| 6d 73 20 6f 66 20 68 6f | 77 20 6d 75 63 68 20 69 |ms of ho|w much i|
|000028c0| 74 20 77 69 6c 6c 0a 63 | 6f 73 74 20 65 69 74 68 |t will.c|ost eith|
|000028d0| 65 72 20 74 6f 20 62 75 | 79 20 6f 72 20 74 6f 20 |er to bu|y or to |
|000028e0| 69 6d 70 6c 65 6d 65 6e | 74 2e 20 46 6f 72 20 65 |implemen|t. For e|
|000028f0| 78 61 6d 70 6c 65 2c 20 | 61 20 63 6f 6d 70 6c 65 |xample, |a comple|
|00002900| 74 65 0a 66 69 72 65 77 | 61 6c 6c 20 70 72 6f 64 |te.firew|all prod|
|00002910| 75 63 74 20 6d 61 79 20 | 63 6f 73 74 20 62 65 74 |uct may |cost bet|
|00002920| 77 65 65 6e 20 24 31 30 | 30 2c 30 30 30 20 61 74 |ween $10|0,000 at|
|00002930| 20 74 68 65 20 68 69 67 | 68 20 65 6e 64 2c 0a 61 | the hig|h end,.a|
|00002940| 6e 64 20 66 72 65 65 20 | 61 74 20 74 68 65 20 6c |nd free |at the l|
|00002950| 6f 77 20 65 6e 64 2e 20 | 54 68 65 20 66 72 65 65 |ow end. |The free|
|00002960| 20 6f 70 74 69 6f 6e 2c | 20 6f 66 20 64 6f 69 6e | option,| of doin|
|00002970| 67 20 73 6f 6d 65 0a 66 | 61 6e 63 79 20 63 6f 6e |g some.f|ancy con|
|00002980| 66 69 67 75 72 69 6e 67 | 20 6f 6e 20 61 20 43 69 |figuring| on a Ci|
|00002990| 73 63 6f 20 6f 72 20 73 | 69 6d 69 6c 61 72 20 72 |sco or s|imilar r|
|000029a0| 6f 75 74 65 72 20 77 69 | 6c 6c 20 63 6f 73 74 0a |outer wi|ll cost.|
|000029b0| 6e 6f 74 68 69 6e 67 20 | 62 75 74 20 73 74 61 66 |nothing |but staf|
|000029c0| 66 20 74 69 6d 65 20 61 | 6e 64 20 63 75 70 73 20 |f time a|nd cups |
|000029d0| 6f 66 20 63 6f 66 66 65 | 65 2e 20 49 6d 70 6c 65 |of coffe|e. Imple|
|000029e0| 6d 65 6e 74 69 6e 67 20 | 61 0a 68 69 67 68 20 65 |menting |a.high e|
|000029f0| 6e 64 20 66 69 72 65 77 | 61 6c 6c 20 66 72 6f 6d |nd firew|all from|
|00002a00| 20 73 63 72 61 74 63 68 | 20 6d 69 67 68 74 20 63 | scratch| might c|
|00002a10| 6f 73 74 20 73 65 76 65 | 72 61 6c 20 6d 61 6e 2d |ost seve|ral man-|
|00002a20| 0a 6d 6f 6e 74 68 73 2c | 20 77 68 69 63 68 20 6d |.months,| which m|
|00002a30| 61 79 20 65 71 75 61 74 | 65 20 74 6f 20 24 33 30 |ay equat|e to $30|
|00002a40| 2c 30 30 30 20 77 6f 72 | 74 68 20 6f 66 20 73 74 |,000 wor|th of st|
|00002a50| 61 66 66 20 73 61 6c 61 | 72 79 0a 61 6e 64 20 62 |aff sala|ry.and b|
|00002a60| 65 6e 65 66 69 74 73 2e | 20 54 68 65 20 73 79 73 |enefits.| The sys|
|00002a70| 74 65 6d 73 20 6d 61 6e | 61 67 65 6d 65 6e 74 20 |tems man|agement |
|00002a80| 6f 76 65 72 68 65 61 64 | 20 69 73 20 61 6c 73 6f |overhead| is also|
|00002a90| 20 61 0a 63 6f 6e 73 69 | 64 65 72 61 74 69 6f 6e | a.consi|deration|
|00002aa0| 2e 20 42 75 69 6c 64 69 | 6e 67 20 61 20 68 6f 6d |. Buildi|ng a hom|
|00002ab0| 65 2d 62 72 65 77 20 69 | 73 20 66 69 6e 65 2c 20 |e-brew i|s fine, |
|00002ac0| 62 75 74 20 69 74 27 73 | 0a 69 6d 70 6f 72 74 61 |but it's|.importa|
|00002ad0| 6e 74 20 74 6f 20 62 75 | 69 6c 64 20 69 74 20 73 |nt to bu|ild it s|
|00002ae0| 6f 20 74 68 61 74 20 69 | 74 20 64 6f 65 73 6e 27 |o that i|t doesn'|
|00002af0| 74 20 72 65 71 75 69 72 | 65 20 63 6f 6e 73 74 61 |t requir|e consta|
|00002b00| 6e 74 0a 61 6e 64 20 65 | 78 70 65 6e 73 69 76 65 |nt.and e|xpensive|
|00002b10| 20 66 69 64 64 6c 69 6e | 67 2d 77 69 74 68 2e 20 | fiddlin|g-with. |
|00002b20| 49 74 27 73 20 69 6d 70 | 6f 72 74 61 6e 74 2c 20 |It's imp|ortant, |
|00002b30| 69 6e 20 6f 74 68 65 72 | 20 77 6f 72 64 73 2c 0a |in other| words,.|
|00002b40| 74 6f 20 65 76 61 6c 75 | 61 74 65 20 66 69 72 65 |to evalu|ate fire|
|00002b50| 77 61 6c 6c 73 20 6e 6f | 74 20 6f 6e 6c 79 20 69 |walls no|t only i|
|00002b60| 6e 20 74 65 72 6d 73 20 | 6f 66 20 77 68 61 74 20 |n terms |of what |
|00002b70| 74 68 65 79 20 63 6f 73 | 74 0a 6e 6f 77 2c 20 62 |they cos|t.now, b|
|00002b80| 75 74 20 63 6f 6e 74 69 | 6e 75 69 6e 67 20 63 6f |ut conti|nuing co|
|00002b90| 73 74 73 20 73 75 63 68 | 20 61 73 20 73 75 70 70 |sts such| as supp|
|00002ba0| 6f 72 74 2e 0a 0a 4f 6e | 20 74 68 65 20 74 65 63 |ort...On| the tec|
|00002bb0| 68 6e 69 63 61 6c 20 73 | 69 64 65 2c 20 74 68 65 |hnical s|ide, the|
|00002bc0| 72 65 20 61 72 65 20 61 | 20 63 6f 75 70 6c 65 20 |re are a| couple |
|00002bd0| 6f 66 20 64 65 63 69 73 | 69 6f 6e 73 20 74 6f 0a |of decis|ions to.|
|00002be0| 6d 61 6b 65 2c 20 62 61 | 73 65 64 20 6f 6e 20 74 |make, ba|sed on t|
|00002bf0| 68 65 20 66 61 63 74 20 | 74 68 61 74 20 66 6f 72 |he fact |that for|
|00002c00| 20 61 6c 6c 20 70 72 61 | 63 74 69 63 61 6c 20 70 | all pra|ctical p|
|00002c10| 75 72 70 6f 73 65 73 20 | 77 68 61 74 0a 77 65 20 |urposes |what.we |
|00002c20| 61 72 65 20 74 61 6c 6b | 69 6e 67 20 61 62 6f 75 |are talk|ing abou|
|00002c30| 74 20 69 73 20 61 20 73 | 74 61 74 69 63 20 74 72 |t is a s|tatic tr|
|00002c40| 61 66 66 69 63 20 72 6f | 75 74 69 6e 67 20 73 65 |affic ro|uting se|
|00002c50| 72 76 69 63 65 0a 70 6c | 61 63 65 64 20 62 65 74 |rvice.pl|aced bet|
|00002c60| 77 65 65 6e 20 74 68 65 | 20 6e 65 74 77 6f 72 6b |ween the| network|
|00002c70| 20 73 65 72 76 69 63 65 | 20 70 72 6f 76 69 64 65 | service| provide|
|00002c80| 72 27 73 20 72 6f 75 74 | 65 72 20 61 6e 64 0a 79 |r's rout|er and.y|
|00002c90| 6f 75 72 20 69 6e 74 65 | 72 6e 61 6c 20 6e 65 74 |our inte|rnal net|
|00002ca0| 77 6f 72 6b 2e 20 54 68 | 65 20 74 72 61 66 66 69 |work. Th|e traffi|
|00002cb0| 63 20 72 6f 75 74 69 6e | 67 20 73 65 72 76 69 63 |c routin|g servic|
|00002cc0| 65 20 6d 61 79 20 62 65 | 0a 69 6d 70 6c 65 6d 65 |e may be|.impleme|
|00002cd0| 6e 74 65 64 20 61 74 20 | 61 6e 20 49 50 20 6c 65 |nted at |an IP le|
|00002ce0| 76 65 6c 20 76 69 61 20 | 73 6f 6d 65 74 68 69 6e |vel via |somethin|
|00002cf0| 67 20 6c 69 6b 65 20 73 | 63 72 65 65 6e 69 6e 67 |g like s|creening|
|00002d00| 0a 72 75 6c 65 73 20 69 | 6e 20 61 20 72 6f 75 74 |.rules i|n a rout|
|00002d10| 65 72 2c 20 6f 72 20 61 | 74 20 61 6e 20 61 70 70 |er, or a|t an app|
|00002d20| 6c 69 63 61 74 69 6f 6e | 20 6c 65 76 65 6c 20 76 |lication| level v|
|00002d30| 69 61 20 70 72 6f 78 79 | 0a 67 61 74 65 77 61 79 |ia proxy|.gateway|
|00002d40| 73 20 61 6e 64 20 73 65 | 72 76 69 63 65 73 2e 0a |s and se|rvices..|
|00002d50| 0a 54 68 65 20 64 65 63 | 69 73 69 6f 6e 20 74 6f |.The dec|ision to|
|00002d60| 20 6d 61 6b 65 20 68 65 | 72 65 20 69 73 20 77 68 | make he|re is wh|
|00002d70| 65 74 68 65 72 20 74 6f | 20 70 6c 61 63 65 20 61 |ether to| place a|
|00002d80| 6e 20 65 78 70 6f 73 65 | 64 0a 73 74 72 69 70 70 |n expose|d.stripp|
|00002d90| 65 64 2d 64 6f 77 6e 20 | 6d 61 63 68 69 6e 65 20 |ed-down |machine |
|00002da0| 6f 6e 20 74 68 65 20 6f | 75 74 73 69 64 65 20 6e |on the o|utside n|
|00002db0| 65 74 77 6f 72 6b 20 74 | 6f 20 72 75 6e 20 70 72 |etwork t|o run pr|
|00002dc0| 6f 78 79 0a 73 65 72 76 | 69 63 65 73 20 66 6f 72 |oxy.serv|ices for|
|00002dd0| 20 74 65 6c 6e 65 74 2c | 20 66 74 70 2c 20 6e 65 | telnet,| ftp, ne|
|00002de0| 77 73 2c 20 65 74 63 2e | 2c 20 6f 72 20 77 68 65 |ws, etc.|, or whe|
|00002df0| 74 68 65 72 20 74 6f 20 | 73 65 74 20 75 70 20 61 |ther to |set up a|
|00002e00| 0a 73 63 72 65 65 6e 69 | 6e 67 20 72 6f 75 74 65 |.screeni|ng route|
|00002e10| 72 20 61 73 20 61 20 66 | 69 6c 74 65 72 2c 20 70 |r as a f|ilter, p|
|00002e20| 65 72 6d 69 74 74 69 6e | 67 20 63 6f 6d 6d 75 6e |ermittin|g commun|
|00002e30| 69 63 61 74 69 6f 6e 20 | 77 69 74 68 0a 6f 6e 65 |ication |with.one|
|00002e40| 20 6f 72 20 6d 6f 72 65 | 20 69 6e 74 65 72 6e 61 | or more| interna|
|00002e50| 6c 20 6d 61 63 68 69 6e | 65 73 2e 20 54 68 65 72 |l machin|es. Ther|
|00002e60| 65 20 61 72 65 20 70 6c | 75 73 73 65 73 20 61 6e |e are pl|usses an|
|00002e70| 64 20 6d 69 6e 75 73 65 | 73 0a 74 6f 20 62 6f 74 |d minuse|s.to bot|
|00002e80| 68 20 61 70 70 72 6f 61 | 63 68 65 73 2c 20 77 69 |h approa|ches, wi|
|00002e90| 74 68 20 74 68 65 20 70 | 72 6f 78 79 20 6d 61 63 |th the p|roxy mac|
|00002ea0| 68 69 6e 65 20 70 72 6f | 76 69 64 69 6e 67 20 61 |hine pro|viding a|
|00002eb0| 0a 67 72 65 61 74 65 72 | 20 6c 65 76 65 6c 20 6f |.greater| level o|
|00002ec0| 66 20 61 75 64 69 74 20 | 61 6e 64 20 70 6f 74 65 |f audit |and pote|
|00002ed0| 6e 74 69 61 6c 6c 79 20 | 73 65 63 75 72 69 74 79 |ntially |security|
|00002ee0| 20 69 6e 20 72 65 74 75 | 72 6e 0a 66 6f 72 20 69 | in retu|rn.for i|
|00002ef0| 6e 63 72 65 61 73 65 64 | 20 63 6f 73 74 20 69 6e |ncreased| cost in|
|00002f00| 20 63 6f 6e 66 69 67 75 | 72 61 74 69 6f 6e 20 61 | configu|ration a|
|00002f10| 6e 64 20 61 20 64 65 63 | 72 65 61 73 65 20 69 6e |nd a dec|rease in|
|00002f20| 20 74 68 65 0a 6c 65 76 | 65 6c 20 6f 66 20 73 65 | the.lev|el of se|
|00002f30| 72 76 69 63 65 20 74 68 | 61 74 20 6d 61 79 20 62 |rvice th|at may b|
|00002f40| 65 20 70 72 6f 76 69 64 | 65 64 20 28 73 69 6e 63 |e provid|ed (sinc|
|00002f50| 65 20 61 20 70 72 6f 78 | 79 20 6e 65 65 64 73 0a |e a prox|y needs.|
|00002f60| 74 6f 20 62 65 20 64 65 | 76 65 6c 6f 70 65 64 20 |to be de|veloped |
|00002f70| 66 6f 72 20 65 61 63 68 | 20 64 65 73 69 72 65 64 |for each| desired|
|00002f80| 20 73 65 72 76 69 63 65 | 29 2e 20 54 68 65 20 6f | service|). The o|
|00002f90| 6c 64 20 74 72 61 64 65 | 2d 6f 66 66 0a 62 65 74 |ld trade|-off.bet|
|00002fa0| 77 65 65 6e 20 65 61 73 | 65 2d 6f 66 2d 75 73 65 |ween eas|e-of-use|
|00002fb0| 20 61 6e 64 20 73 65 63 | 75 72 69 74 79 20 63 6f | and sec|urity co|
|00002fc0| 6d 65 73 20 62 61 63 6b | 20 74 6f 20 68 61 75 6e |mes back| to haun|
|00002fd0| 74 20 75 73 20 77 69 74 | 68 0a 61 20 76 65 6e 67 |t us wit|h.a veng|
|00002fe0| 65 61 6e 63 65 2e 0a 0a | 2d 2d 2d 2d 2d 2d 2d 2d |eance...|--------|
|00002ff0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003000| 2d 2d 2d 2d 2d 2d 0a 0a | 44 61 74 65 3a 20 54 68 |------..|Date: Th|
|00003010| 75 20 4d 61 72 20 31 30 | 20 31 36 3a 35 36 3a 33 |u Mar 10| 16:56:3|
|00003020| 35 20 31 39 39 34 0a 46 | 72 6f 6d 3a 20 46 77 61 |5 1994.F|rom: Fwa|
|00003030| 6c 6c 73 2d 46 41 51 40 | 74 69 73 2e 63 6f 6d 0a |lls-FAQ@|tis.com.|
|00003040| 53 75 62 6a 65 63 74 3a | 20 39 3a 20 57 68 61 74 |Subject:| 9: What|
|00003050| 20 61 72 65 20 70 72 6f | 78 79 20 73 65 72 76 65 | are pro|xy serve|
|00003060| 72 73 20 61 6e 64 20 68 | 6f 77 20 64 6f 20 74 68 |rs and h|ow do th|
|00003070| 65 79 20 77 6f 72 6b 3f | 0a 0a 41 20 70 72 6f 78 |ey work?|..A prox|
|00003080| 79 20 73 65 72 76 65 72 | 20 28 73 6f 6d 65 74 69 |y server| (someti|
|00003090| 6d 65 73 20 72 65 66 65 | 72 72 65 64 20 74 6f 20 |mes refe|rred to |
|000030a0| 61 73 20 61 6e 20 61 70 | 70 6c 69 63 61 74 69 6f |as an ap|plicatio|
|000030b0| 6e 0a 67 61 74 65 77 61 | 79 20 6f 72 20 66 6f 72 |n.gatewa|y or for|
|000030c0| 77 61 72 64 65 72 29 20 | 69 73 20 61 6e 20 61 70 |warder) |is an ap|
|000030d0| 70 6c 69 63 61 74 69 6f | 6e 20 74 68 61 74 20 6d |plicatio|n that m|
|000030e0| 65 64 69 61 74 65 73 0a | 74 72 61 66 66 69 63 20 |ediates.|traffic |
|000030f0| 62 65 74 77 65 65 6e 20 | 61 20 70 72 6f 74 65 63 |between |a protec|
|00003100| 74 65 64 20 6e 65 74 77 | 6f 72 6b 20 61 6e 64 20 |ted netw|ork and |
|00003110| 74 68 65 20 49 6e 74 65 | 72 6e 65 74 2e 0a 50 72 |the Inte|rnet..Pr|
|00003120| 6f 78 69 65 73 20 61 72 | 65 20 6f 66 74 65 6e 20 |oxies ar|e often |
|00003130| 75 73 65 64 20 69 6e 73 | 74 65 61 64 20 6f 66 20 |used ins|tead of |
|00003140| 72 6f 75 74 65 72 2d 62 | 61 73 65 64 20 74 72 61 |router-b|ased tra|
|00003150| 66 66 69 63 0a 63 6f 6e | 74 72 6f 6c 73 2c 20 74 |ffic.con|trols, t|
|00003160| 6f 20 70 72 65 76 65 6e | 74 20 74 72 61 66 66 69 |o preven|t traffi|
|00003170| 63 20 66 72 6f 6d 20 70 | 61 73 73 69 6e 67 20 64 |c from p|assing d|
|00003180| 69 72 65 63 74 6c 79 20 | 62 65 74 77 65 65 6e 0a |irectly |between.|
|00003190| 6e 65 74 77 6f 72 6b 73 | 2e 20 4d 61 6e 79 20 70 |networks|. Many p|
|000031a0| 72 6f 78 69 65 73 20 63 | 6f 6e 74 61 69 6e 20 65 |roxies c|ontain e|
|000031b0| 78 74 72 61 20 6c 6f 67 | 67 69 6e 67 20 6f 72 20 |xtra log|ging or |
|000031c0| 73 75 70 70 6f 72 74 20 | 66 6f 72 0a 75 73 65 72 |support |for.user|
|000031d0| 20 61 75 74 68 65 6e 74 | 69 63 61 74 69 6f 6e 2e | authent|ication.|
|000031e0| 20 53 69 6e 63 65 20 70 | 72 6f 78 69 65 73 20 6d | Since p|roxies m|
|000031f0| 75 73 74 20 22 75 6e 64 | 65 72 73 74 61 6e 64 22 |ust "und|erstand"|
|00003200| 20 74 68 65 0a 61 70 70 | 6c 69 63 61 74 69 6f 6e | the.app|lication|
|00003210| 20 70 72 6f 74 6f 63 6f | 6c 20 62 65 69 6e 67 20 | protoco|l being |
|00003220| 75 73 65 64 2c 20 74 68 | 65 79 20 63 61 6e 20 61 |used, th|ey can a|
|00003230| 6c 73 6f 20 69 6d 70 6c | 65 6d 65 6e 74 0a 70 72 |lso impl|ement.pr|
|00003240| 6f 74 6f 63 6f 6c 20 73 | 70 65 63 69 66 69 63 20 |otocol s|pecific |
|00003250| 73 65 63 75 72 69 74 79 | 20 28 65 2e 67 2e 2c 20 |security| (e.g., |
|00003260| 61 6e 20 46 54 50 20 70 | 72 6f 78 79 20 6d 69 67 |an FTP p|roxy mig|
|00003270| 68 74 20 62 65 0a 63 6f | 6e 66 69 67 75 72 61 62 |ht be.co|nfigurab|
|00003280| 6c 65 20 74 6f 20 70 65 | 72 6d 69 74 20 69 6e 63 |le to pe|rmit inc|
|00003290| 6f 6d 69 6e 67 20 46 54 | 50 20 61 6e 64 20 62 6c |oming FT|P and bl|
|000032a0| 6f 63 6b 20 6f 75 74 67 | 6f 69 6e 67 0a 46 54 50 |ock outg|oing.FTP|
|000032b0| 29 2e 0a 0a 50 72 6f 78 | 79 20 73 65 72 76 65 72 |)...Prox|y server|
|000032c0| 73 20 61 72 65 20 61 70 | 70 6c 69 63 61 74 69 6f |s are ap|plicatio|
|000032d0| 6e 20 73 70 65 63 69 66 | 69 63 2e 20 49 6e 20 6f |n specif|ic. In o|
|000032e0| 72 64 65 72 20 74 6f 20 | 73 75 70 70 6f 72 74 0a |rder to |support.|
|000032f0| 61 20 6e 65 77 20 70 72 | 6f 74 6f 63 6f 6c 20 76 |a new pr|otocol v|
|00003300| 69 61 20 61 20 70 72 6f | 78 79 2c 20 61 20 70 72 |ia a pro|xy, a pr|
|00003310| 6f 78 79 20 6d 75 73 74 | 20 62 65 20 64 65 76 65 |oxy must| be deve|
|00003320| 6c 6f 70 65 64 20 66 6f | 72 0a 69 74 2e 20 53 4f |loped fo|r.it. SO|
|00003330| 43 4b 53 20 69 73 20 61 | 20 67 65 6e 65 72 69 63 |CKS is a| generic|
|00003340| 20 70 72 6f 78 79 20 73 | 79 73 74 65 6d 20 74 68 | proxy s|ystem th|
|00003350| 61 74 20 63 61 6e 20 62 | 65 20 63 6f 6d 70 69 6c |at can b|e compil|
|00003360| 65 64 0a 69 6e 74 6f 20 | 61 20 63 6c 69 65 6e 74 |ed.into |a client|
|00003370| 2d 73 69 64 65 20 61 70 | 70 6c 69 63 61 74 69 6f |-side ap|plicatio|
|00003380| 6e 20 74 6f 20 6d 61 6b | 65 20 69 74 20 77 6f 72 |n to mak|e it wor|
|00003390| 6b 20 74 68 72 6f 75 67 | 68 20 61 0a 66 69 72 65 |k throug|h a.fire|
|000033a0| 77 61 6c 6c 2e 20 49 74 | 73 20 61 64 76 61 6e 74 |wall. It|s advant|
|000033b0| 61 67 65 20 69 73 20 74 | 68 61 74 20 69 74 27 73 |age is t|hat it's|
|000033c0| 20 65 61 73 79 20 74 6f | 20 75 73 65 2c 20 62 75 | easy to| use, bu|
|000033d0| 74 20 69 74 0a 64 6f 65 | 73 6e 27 74 20 73 75 70 |t it.doe|sn't sup|
|000033e0| 70 6f 72 74 20 74 68 65 | 20 61 64 64 69 74 69 6f |port the| additio|
|000033f0| 6e 20 6f 66 20 61 75 74 | 68 65 6e 74 69 63 61 74 |n of aut|henticat|
|00003400| 69 6f 6e 20 68 6f 6f 6b | 73 20 6f 72 0a 70 72 6f |ion hook|s or.pro|
|00003410| 74 6f 63 6f 6c 20 73 70 | 65 63 69 66 69 63 20 6c |tocol sp|ecific l|
|00003420| 6f 67 67 69 6e 67 2e 20 | 46 6f 72 20 6d 6f 72 65 |ogging. |For more|
|00003430| 20 69 6e 66 6f 72 6d 61 | 74 69 6f 6e 20 6f 6e 20 | informa|tion on |
|00003440| 53 4f 43 4b 53 2c 0a 73 | 65 65 20 66 74 70 2e 6e |SOCKS,.s|ee ftp.n|
|00003450| 65 63 2e 63 6f 6d 3a 20 | 2f 70 75 62 2f 73 65 63 |ec.com: |/pub/sec|
|00003460| 75 72 69 74 79 2f 73 6f | 63 6b 73 2e 63 73 74 63 |urity/so|cks.cstc|
|00003470| 20 20 20 55 73 65 72 73 | 20 61 72 65 0a 65 6e 63 |   Users| are.enc|
|00003480| 6f 75 72 61 67 65 64 20 | 74 6f 20 63 68 65 63 6b |ouraged |to check|
|00003490| 20 74 68 65 20 66 69 6c | 65 20 22 46 49 4c 45 53 | the fil|e "FILES|
|000034a0| 22 20 66 6f 72 20 61 20 | 64 65 73 63 72 69 70 74 |" for a |descript|
|000034b0| 69 6f 6e 0a 6f 66 20 74 | 68 65 20 64 69 72 65 63 |ion.of t|he direc|
|000034c0| 74 6f 72 79 27 73 20 63 | 6f 6e 74 65 6e 74 73 2e |tory's c|ontents.|
|000034d0| 0a 0a 0a 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |...-----|--------|
|000034e0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000034f0| 2d 0a 0a 44 61 74 65 3a | 20 4d 6f 6e 20 4a 75 6e |-..Date:| Mon Jun|
|00003500| 20 36 20 31 30 3a 30 37 | 3a 33 36 20 31 39 39 34 | 6 10:07|:36 1994|
|00003510| 0a 46 72 6f 6d 3a 20 46 | 77 61 6c 6c 73 2d 46 41 |.From: F|walls-FA|
|00003520| 51 40 74 69 73 2e 63 6f | 6d 0a 53 75 62 6a 65 63 |Q@tis.co|m.Subjec|
|00003530| 74 3a 20 31 30 3a 20 57 | 68 61 74 20 61 72 65 20 |t: 10: W|hat are |
|00003540| 73 6f 6d 65 20 63 68 65 | 61 70 20 70 61 63 6b 65 |some che|ap packe|
|00003550| 74 20 73 63 72 65 65 6e | 69 6e 67 20 74 6f 6f 6c |t screen|ing tool|
|00003560| 73 3f 0a 0a 54 68 65 20 | 54 65 78 61 73 20 41 4d |s?..The |Texas AM|
|00003570| 55 20 73 65 63 75 72 69 | 74 79 20 74 6f 6f 6c 73 |U securi|ty tools|
|00003580| 20 69 6e 63 6c 75 64 65 | 20 73 6f 66 74 77 61 72 | include| softwar|
|00003590| 65 20 66 6f 72 0a 69 6d | 70 6c 65 6d 65 6e 74 69 |e for.im|plementi|
|000035a0| 6e 67 20 73 63 72 65 65 | 6e 69 6e 67 20 72 6f 75 |ng scree|ning rou|
|000035b0| 74 65 72 73 20 28 46 54 | 50 20 6e 65 74 2e 74 61 |ters (FT|P net.ta|
|000035c0| 6d 75 2e 65 64 75 2c 0a | 70 75 62 2f 73 65 63 75 |mu.edu,.|pub/secu|
|000035d0| 72 69 74 79 2f 54 41 4d | 55 29 2e 20 20 4b 61 72 |rity/TAM|U).  Kar|
|000035e0| 6c 62 72 69 64 67 65 20 | 69 73 20 61 20 50 43 2d |lbridge |is a PC-|
|000035f0| 62 61 73 65 64 20 73 63 | 72 65 65 6e 69 6e 67 0a |based sc|reening.|
|00003600| 72 6f 75 74 65 72 20 6b | 69 74 20 28 46 54 50 20 |router k|it (FTP |
|00003610| 6e 69 73 63 61 2e 61 63 | 73 2e 6f 68 69 6f 2d 73 |nisca.ac|s.ohio-s|
|00003620| 74 61 74 65 2e 65 64 75 | 2c 20 70 75 62 2f 6b 62 |tate.edu|, pub/kb|
|00003630| 72 69 64 67 65 29 2e 20 | 41 0a 76 65 72 73 69 6f |ridge). |A.versio|
|00003640| 6e 20 6f 66 20 74 68 65 | 20 44 69 67 69 74 61 6c |n of the| Digital|
|00003650| 20 45 71 75 69 70 6d 65 | 6e 74 20 43 6f 72 70 6f | Equipme|nt Corpo|
|00003660| 72 61 74 69 6f 6e 20 22 | 73 63 72 65 65 6e 64 22 |ration "|screend"|
|00003670| 0a 6b 65 72 6e 65 6c 20 | 73 63 72 65 65 6e 69 6e |.kernel |screenin|
|00003680| 67 20 73 6f 66 74 77 61 | 72 65 20 69 73 20 61 76 |g softwa|re is av|
|00003690| 61 69 6c 61 62 6c 65 20 | 66 6f 72 20 42 53 44 2f |ailable |for BSD/|
|000036a0| 33 38 36 2c 0a 4e 65 74 | 42 53 44 2c 20 61 6e 64 |386,.Net|BSD, and|
|000036b0| 20 42 53 44 49 2e 20 4d | 61 6e 79 20 63 6f 6d 6d | BSDI. M|any comm|
|000036c0| 65 72 63 69 61 6c 20 72 | 6f 75 74 65 72 73 20 73 |ercial r|outers s|
|000036d0| 75 70 70 6f 72 74 20 73 | 63 72 65 65 6e 69 6e 67 |upport s|creening|
|000036e0| 0a 6f 66 20 76 61 72 69 | 6f 75 73 20 66 6f 72 6d |.of vari|ous form|
|000036f0| 73 2e 0a 0a 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |s...----|--------|
|00003700| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003710| 2d 2d 0a 0a 44 61 74 65 | 3a 20 4d 6f 6e 20 4a 75 |--..Date|: Mon Ju|
|00003720| 6e 20 36 20 31 30 3a 30 | 35 3a 35 31 20 31 39 39 |n 6 10:0|5:51 199|
|00003730| 34 0a 46 72 6f 6d 3a 20 | 46 77 61 6c 6c 73 2d 46 |4.From: |Fwalls-F|
|00003740| 41 51 40 74 69 73 2e 63 | 6f 6d 0a 53 75 62 6a 65 |AQ@tis.c|om.Subje|
|00003750| 63 74 3a 20 31 31 3a 20 | 57 68 61 74 20 61 72 65 |ct: 11: |What are|
|00003760| 20 73 6f 6d 65 20 72 65 | 61 73 6f 6e 61 62 6c 65 | some re|asonable|
|00003770| 20 66 69 6c 74 65 72 69 | 6e 67 20 72 75 6c 65 73 | filteri|ng rules|
|00003780| 20 66 6f 72 20 6d 79 20 | 43 69 73 63 6f 3f 0a 0a | for my |Cisco?..|
|00003790| 54 68 65 20 66 6f 6c 6c | 6f 77 69 6e 67 20 65 78 |The foll|owing ex|
|000037a0| 61 6d 70 6c 65 20 73 68 | 6f 77 73 20 6f 6e 65 20 |ample sh|ows one |
|000037b0| 70 6f 73 73 69 62 6c 65 | 20 63 6f 6e 66 69 67 75 |possible| configu|
|000037c0| 72 61 74 69 6f 6e 20 66 | 6f 72 0a 75 73 69 6e 67 |ration f|or.using|
|000037d0| 20 74 68 65 20 43 69 73 | 63 6f 20 61 73 20 61 20 | the Cis|co as a |
|000037e0| 66 69 6c 74 65 72 69 6e | 67 20 72 6f 75 74 65 72 |filterin|g router|
|000037f0| 2e 20 20 49 74 20 69 73 | 20 61 20 73 61 6d 70 6c |.  It is| a sampl|
|00003800| 65 20 74 68 61 74 0a 73 | 68 6f 77 73 20 74 68 65 |e that.s|hows the|
|00003810| 20 69 6d 70 6c 65 6d 65 | 6e 74 61 74 69 6f 6e 20 | impleme|ntation |
|00003820| 6f 66 20 61 20 73 70 65 | 63 69 66 69 63 20 70 6f |of a spe|cific po|
|00003830| 6c 69 63 79 2e 20 59 6f | 75 72 20 70 6f 6c 69 63 |licy. Yo|ur polic|
|00003840| 79 0a 77 69 6c 6c 20 75 | 6e 64 6f 75 62 74 65 64 |y.will u|ndoubted|
|00003850| 6c 79 20 76 61 72 79 2e | 0a 0a 49 6e 20 74 68 69 |ly vary.|..In thi|
|00003860| 73 20 65 78 61 6d 70 6c | 65 2c 20 61 20 63 6f 6d |s exampl|e, a com|
|00003870| 70 61 6e 79 20 68 61 73 | 20 43 6c 61 73 73 20 42 |pany has| Class B|
|00003880| 20 6e 65 74 77 6f 72 6b | 20 61 64 64 72 65 73 73 | network| address|
|00003890| 20 6f 66 20 31 32 38 2e | 38 38 2e 30 2e 30 0a 61 | of 128.|88.0.0.a|
|000038a0| 6e 64 20 69 73 20 75 73 | 69 6e 67 20 38 20 62 69 |nd is us|ing 8 bi|
|000038b0| 74 73 20 66 6f 72 20 73 | 75 62 6e 65 74 73 2e 20 |ts for s|ubnets. |
|000038c0| 20 20 54 68 65 20 49 6e | 74 65 72 6e 65 74 20 63 |  The In|ternet c|
|000038d0| 6f 6e 6e 65 63 74 69 6f | 6e 20 69 73 20 6f 6e 20 |onnectio|n is on |
|000038e0| 74 68 65 0a 22 72 65 64 | 22 20 73 75 62 6e 65 74 |the."red|" subnet|
|000038f0| 20 31 32 38 2e 38 38 2e | 32 35 34 2e 30 2e 20 20 | 128.88.|254.0.  |
|00003900| 41 6c 6c 20 6f 74 68 65 | 72 20 73 75 62 6e 65 74 |All othe|r subnet|
|00003910| 73 20 61 72 65 20 63 6f | 6e 73 69 64 65 72 65 64 |s are co|nsidered|
|00003920| 20 74 72 75 73 74 65 64 | 0a 6f 72 20 22 62 6c 75 | trusted|.or "blu|
|00003930| 65 22 20 73 75 62 6e 65 | 74 73 2e 0a 0a 20 20 20 |e" subne|ts...   |
|00003940| 20 20 2b 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |  +-----|--------|
|00003950| 2d 2d 2b 20 2b 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--+ +---|--------|
|00003960| 2d 2d 2d 2d 2b 20 20 20 | 20 0a 20 20 20 20 20 7c |----+   | .     ||
|00003970| 20 49 50 20 70 72 6f 76 | 69 64 65 72 20 20 20 7c | IP prov|ider   ||
|00003980| 20 7c 20 20 20 47 61 74 | 65 77 61 79 20 20 20 20 | |   Gat|eway    |
|00003990| 20 7c 0a 20 20 20 20 20 | 7c 20 31 32 38 2e 38 38 | |.     || 128.88|
|000039a0| 2e 32 35 34 2e 31 20 20 | 7c 20 7c 20 31 32 38 2e |.254.1  || | 128.|
|000039b0| 38 38 2e 32 35 34 2e 32 | 20 20 7c 20 20 0a 20 20 |88.254.2|  |  .  |
|000039c0| 20 20 20 2b 2d 2d 2d 2d | 2d 2d 2b 2d 2d 2d 2d 2d |   +----|--+-----|
|000039d0| 2d 2d 2d 2b 20 2b 2d 2d | 2d 2d 2d 2d 2b 2d 2d 2d |---+ +--|----+---|
|000039e0| 2d 2d 2d 2d 2d 2b 20 0a | 20 20 20 20 20 20 20 20 |-----+ .|        |
|000039f0| 20 20 20 20 7c 20 20 20 | 20 20 20 20 20 20 20 20 |    |   |        |
|00003a00| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003a10| 20 22 52 65 64 22 20 6e | 65 74 0a 20 20 2d 2d 2d | "Red" n|et.  ---|
|00003a20| 2d 2d 2d 2d 2d 2d 2d 2b | 2d 2d 2d 2d 2d 2d 2d 2d |-------+|--------|
|00003a30| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2b 2d 2d 2d 2d 2d 2d |--------|-+------|
|00003a40| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003a50| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 0a 20 20 20 |--------|----.   |
|00003a60| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003a70| 20 20 20 20 20 20 20 20 | 20 20 20 7c 0a 20 20 20 |        |   |.   |
|00003a80| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003a90| 20 20 20 20 2b 2d 2d 2d | 2d 2d 2d 2b 2d 2d 2d 2d |    +---|---+----|
|00003aa0| 2d 2d 2d 2d 2b 20 20 20 | 20 0a 20 20 20 20 20 20 |----+   | .      |
|00003ab0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003ac0| 20 7c 20 20 20 43 69 73 | 63 6f 20 20 20 20 20 20 | |   Cis|co      |
|00003ad0| 20 7c 20 0a 20 20 20 20 | 20 20 20 20 20 20 20 20 | | .    |        |
|00003ae0| 20 20 20 20 20 20 20 20 | 20 20 20 7c 20 31 32 38 |        |   | 128|
|00003af0| 2e 38 38 2e 32 35 34 2e | 33 20 20 7c 0a 20 20 20 |.88.254.|3  |.   |
|00003b00| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003b10| 20 20 20 20 7c 2e 2e 2e | 2e 2e 2e 2e 2e 2e 2e 2e |    |...|........|
|00003b20| 2e 2e 2e 2e 7c 0a 20 20 | 20 20 20 20 20 20 20 20 |....|.  |        |
|00003b30| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 7c 20 31 |        |     | 1|
|00003b40| 32 38 2e 38 38 2e 31 2e | 31 20 20 20 20 7c 20 20 |28.88.1.|1    |  |
|00003b50| 0a 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |.       |        |
|00003b60| 20 20 20 20 20 20 20 20 | 2b 2d 2d 2d 2d 2d 2d 2d |        |+-------|
|00003b70| 2d 2d 2d 2d 2d 2d 2d 2d | 2b 20 20 20 20 0a 20 20 |--------|+    .  |
|00003b80| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003b90| 20 20 20 20 20 20 20 20 | 20 20 20 20 7c 20 20 20 |        |    |   |
|00003ba0| 0a 20 20 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |.  -----|--------|
|00003bb0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2b |--------|-------+|
|00003bc0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003bd0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00003be0| 2d 2d 0a 20 20 20 20 20 | 20 20 20 20 20 20 20 7c |--.     |       ||
|00003bf0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00003c00| 20 20 20 20 20 20 20 20 | 20 20 20 20 22 42 6c 75 |        |    "Blu|
|00003c10| 65 22 20 6e 65 74 0a 20 | 20 20 20 20 2b 2d 2d 2d |e" net. |    +---|
|00003c20| 2d 2d 2d 2b 2d 2d 2d 2d | 2d 2d 2d 2d 2b 20 20 20 |---+----|----+   |
|00003c30| 20 0a 20 20 20 20 20 7c | 20 6d 61 69 6c 20 72 6f | .     || mail ro|
|00003c40| 75 74 65 72 20 20 20 7c | 0a 20 20 20 20 20 7c 20 |uter   ||.     | |
|00003c50| 31 32 38 2e 38 38 2e 31 | 2e 32 20 20 20 20 7c 0a |128.88.1|.2    |.|
|00003c60| 20 20 20 20 20 2b 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |     +--|--------|
|00003c70| 2d 2d 2d 2d 2d 2b 20 20 | 20 20 0a 0a 0a 4b 65 65 |-----+  |  ...Kee|
|00003c80| 70 69 6e 67 20 74 68 65 | 20 66 6f 6c 6c 6f 77 69 |ping the| followi|
|00003c90| 6e 67 20 70 6f 69 6e 74 | 73 20 69 6e 20 6d 69 6e |ng point|s in min|
|00003ca0| 64 20 77 69 6c 6c 20 68 | 65 6c 70 20 69 6e 20 75 |d will h|elp in u|
|00003cb0| 6e 64 65 72 73 74 61 6e | 64 69 6e 67 20 74 68 65 |nderstan|ding the|
|00003cc0| 0a 63 6f 6e 66 69 67 75 | 72 61 74 69 6f 6e 20 66 |.configu|ration f|
|00003cd0| 72 61 67 6d 65 6e 74 73 | 3a 0a 0a 20 20 31 2e 20 |ragments|:..  1. |
|00003ce0| 43 69 73 63 6f 73 20 61 | 70 70 6c 79 69 6e 67 20 |Ciscos a|pplying |
|00003cf0| 66 69 6c 74 65 72 69 6e | 67 20 74 6f 20 6f 75 74 |filterin|g to out|
|00003d00| 70 75 74 20 70 61 63 6b | 65 74 73 20 6f 6e 6c 79 |put pack|ets only|
|00003d10| 2e 0a 20 20 32 2e 20 52 | 75 6c 65 73 20 61 72 65 |..  2. R|ules are|
|00003d20| 20 74 65 73 74 65 64 20 | 69 6e 20 6f 72 64 65 72 | tested |in order|
|00003d30| 20 61 6e 64 20 73 74 6f | 70 20 77 68 65 6e 20 74 | and sto|p when t|
|00003d40| 68 65 20 66 69 72 73 74 | 20 6d 61 74 63 68 20 69 |he first| match i|
|00003d50| 73 20 66 6f 75 6e 64 2e | 0a 20 20 33 2e 20 54 68 |s found.|.  3. Th|
|00003d60| 65 72 65 20 69 73 20 61 | 6e 20 69 6d 70 6c 69 63 |ere is a|n implic|
|00003d70| 69 74 20 64 65 6e 79 20 | 72 75 6c 65 20 61 74 20 |it deny |rule at |
|00003d80| 74 68 65 20 65 6e 64 20 | 6f 66 20 61 6e 20 61 63 |the end |of an ac|
|00003d90| 63 65 73 73 20 6c 69 73 | 74 20 74 68 61 74 0a 20 |cess lis|t that. |
|00003da0| 20 20 20 20 64 65 6e 69 | 65 73 20 65 76 65 72 79 |    deni|es every|
|00003db0| 74 68 69 6e 67 2e 0a 0a | 54 68 65 20 65 78 61 6d |thing...|The exam|
|00003dc0| 70 6c 65 20 62 65 6c 6f | 77 20 63 6f 6e 63 65 6e |ple belo|w concen|
|00003dd0| 74 72 61 74 65 73 20 6f | 6e 20 74 68 65 20 66 69 |trates o|n the fi|
|00003de0| 6c 74 65 72 69 6e 67 20 | 70 61 72 74 73 20 6f 66 |ltering |parts of|
|00003df0| 20 61 20 63 6f 6e 66 69 | 67 75 72 61 74 69 6f 6e | a confi|guration|
|00003e00| 2e 0a 4c 69 6e 65 20 6e | 75 6d 62 65 72 73 20 61 |..Line n|umbers a|
|00003e10| 6e 64 20 66 6f 72 6d 61 | 74 74 69 6e 67 20 68 61 |nd forma|tting ha|
|00003e20| 76 65 20 62 65 65 6e 20 | 61 64 64 65 64 20 66 6f |ve been |added fo|
|00003e30| 72 20 72 65 61 64 61 62 | 69 6c 69 74 79 2e 0a 0a |r readab|ility...|
|00003e40| 54 68 65 20 70 6f 6c 69 | 63 79 20 74 6f 20 62 65 |The poli|cy to be|
|00003e50| 20 69 6d 70 6c 65 6d 65 | 6e 74 65 64 20 69 73 3a | impleme|nted is:|
|00003e60| 0a 20 20 20 20 20 2d 20 | 41 6e 79 74 68 69 6e 67 |.     - |Anything|
|00003e70| 20 6e 6f 74 20 65 78 70 | 6c 69 63 69 74 6c 79 20 | not exp|licitly |
|00003e80| 61 6c 6c 6f 77 65 64 20 | 69 73 20 64 65 6e 69 65 |allowed |is denie|
|00003e90| 64 0a 20 20 20 20 20 2d | 20 54 72 61 66 66 69 63 |d.     -| Traffic|
|00003ea0| 20 62 65 74 77 65 65 6e | 20 74 68 65 20 65 78 74 | between| the ext|
|00003eb0| 65 72 6e 61 6c 20 67 61 | 74 65 77 61 79 20 6d 61 |ernal ga|teway ma|
|00003ec0| 63 68 69 6e 65 20 61 6e | 64 0a 20 20 20 20 20 20 |chine an|d.      |
|00003ed0| 20 62 6c 75 65 20 6e 65 | 74 20 68 6f 73 74 73 20 | blue ne|t hosts |
|00003ee0| 69 73 20 61 6c 6c 6f 77 | 65 64 2e 20 20 0a 20 20 |is allow|ed.  .  |
|00003ef0| 20 20 20 2d 20 70 65 72 | 6d 69 74 20 73 65 72 76 |   - per|mit serv|
|00003f00| 69 63 65 73 20 6f 72 67 | 69 6e 61 74 69 6e 67 20 |ices org|inating |
|00003f10| 66 72 6f 6d 20 74 68 65 | 20 62 6c 75 65 20 6e 65 |from the| blue ne|
|00003f20| 74 0a 20 20 20 20 20 2d | 20 61 6c 6c 6f 77 20 61 |t.     -| allow a|
|00003f30| 20 72 61 6e 67 65 20 6f | 66 20 70 6f 72 74 73 20 | range o|f ports |
|00003f40| 66 6f 72 20 46 54 50 20 | 64 61 74 61 20 63 6f 6e |for FTP |data con|
|00003f50| 6e 65 63 74 69 6f 6e 73 | 20 62 61 63 6b 20 74 6f |nections| back to|
|00003f60| 20 74 68 65 0a 20 20 20 | 20 20 20 20 62 6c 75 65 | the.   |    blue|
|00003f70| 20 6e 65 74 2e 20 20 0a | 0a 20 20 20 20 20 31 20 | net.  .|.     1 |
|00003f80| 20 6e 6f 20 69 70 20 73 | 6f 75 72 63 65 2d 72 6f | no ip s|ource-ro|
|00003f90| 75 74 65 0a 20 20 20 20 | 20 32 20 20 21 0a 20 20 |ute.    | 2  !.  |
|00003fa0| 20 20 20 33 20 20 69 6e | 74 65 72 66 61 63 65 20 |   3  in|terface |
|00003fb0| 45 74 68 65 72 6e 65 74 | 20 30 0a 20 20 20 20 20 |Ethernet| 0.     |
|00003fc0| 34 20 20 69 70 20 61 64 | 64 72 65 73 73 20 31 32 |4  ip ad|dress 12|
|00003fd0| 38 2e 38 38 2e 31 2e 31 | 20 32 35 35 2e 32 35 35 |8.88.1.1| 255.255|
|00003fe0| 2e 32 35 35 2e 30 0a 20 | 20 20 20 20 35 20 20 69 |.255.0. |    5  i|
|00003ff0| 70 20 61 63 63 65 73 73 | 2d 67 72 6f 75 70 20 31 |p access|-group 1|
|00004000| 30 0a 20 20 20 20 20 36 | 20 20 21 0a 20 20 20 20 |0.     6|  !.    |
|00004010| 20 37 20 20 69 6e 74 65 | 72 66 61 63 65 20 45 74 | 7  inte|rface Et|
|00004020| 68 65 72 6e 65 74 20 31 | 0a 20 20 20 20 20 38 20 |hernet 1|.     8 |
|00004030| 20 69 70 20 61 64 64 72 | 65 73 73 20 31 32 38 2e | ip addr|ess 128.|
|00004040| 38 38 2e 32 35 34 2e 33 | 20 32 35 35 2e 32 35 35 |88.254.3| 255.255|
|00004050| 2e 32 35 35 2e 30 0a 20 | 20 20 20 20 39 20 20 69 |.255.0. |    9  i|
|00004060| 70 20 61 63 63 65 73 73 | 2d 67 72 6f 75 70 20 31 |p access|-group 1|
|00004070| 31 0a 20 20 20 20 31 30 | 20 20 21 0a 20 20 20 20 |1.    10|  !.    |
|00004080| 31 31 20 20 61 63 63 65 | 73 73 2d 6c 69 73 74 20 |11  acce|ss-list |
|00004090| 31 30 20 70 65 72 6d 69 | 74 20 69 70 20 31 32 38 |10 permi|t ip 128|
|000040a0| 2e 38 38 2e 32 35 34 2e | 32 20 30 2e 30 2e 30 2e |.88.254.|2 0.0.0.|
|000040b0| 30 0a 20 20 20 20 20 20 | 20 20 20 31 32 38 2e 38 |0.      |   128.8|
|000040c0| 38 2e 30 2e 30 20 30 2e | 30 2e 32 35 35 2e 32 35 |8.0.0 0.|0.255.25|
|000040d0| 35 0a 20 20 20 20 31 32 | 20 20 61 63 63 65 73 73 |5.    12|  access|
|000040e0| 2d 6c 69 73 74 20 31 30 | 20 64 65 6e 79 20 20 20 |-list 10| deny   |
|000040f0| 74 63 70 20 30 2e 30 2e | 30 2e 30 20 32 35 35 2e |tcp 0.0.|0.0 255.|
|00004100| 32 35 35 2e 32 35 35 2e | 32 35 35 0a 20 20 20 20 |255.255.|255.    |
|00004110| 20 20 20 20 20 31 32 38 | 2e 38 38 2e 30 2e 30 20 |     128|.88.0.0 |
|00004120| 30 2e 30 2e 32 35 35 2e | 32 35 35 20 6c 74 20 31 |0.0.255.|255 lt 1|
|00004130| 30 32 35 0a 20 20 20 20 | 31 33 20 20 61 63 63 65 |025.    |13  acce|
|00004140| 73 73 2d 6c 69 73 74 20 | 31 30 20 64 65 6e 79 20 |ss-list |10 deny |
|00004150| 20 20 74 63 70 20 30 2e | 30 2e 30 2e 30 20 32 35 |  tcp 0.|0.0.0 25|
|00004160| 35 2e 32 35 35 2e 32 35 | 35 2e 32 35 35 0a 20 20 |5.255.25|5.255.  |
|00004170| 20 20 20 20 20 20 20 31 | 32 38 2e 38 38 2e 30 2e |       1|28.88.0.|
|00004180| 30 20 30 2e 30 2e 32 35 | 35 2e 32 35 35 20 67 74 |0 0.0.25|5.255 gt|
|00004190| 20 34 39 39 39 0a 20 20 | 20 20 31 34 20 20 61 63 | 4999.  |  14  ac|
|000041a0| 63 65 73 73 2d 6c 69 73 | 74 20 31 30 20 70 65 72 |cess-lis|t 10 per|
|000041b0| 6d 69 74 20 74 63 70 20 | 30 2e 30 2e 30 2e 30 20 |mit tcp |0.0.0.0 |
|000041c0| 32 35 35 2e 32 35 35 2e | 32 35 35 2e 32 35 35 0a |255.255.|255.255.|
|000041d0| 20 20 20 20 20 20 20 20 | 20 31 32 38 2e 38 38 2e |        | 128.88.|
|000041e0| 30 2e 30 20 30 2e 30 2e | 32 35 35 2e 32 35 35 0a |0.0 0.0.|255.255.|
|000041f0| 20 20 20 20 31 35 20 20 | 21 0a 20 20 20 20 31 36 |    15  |!.    16|
|00004200| 20 20 61 63 63 65 73 73 | 2d 6c 69 73 74 20 31 31 |  access|-list 11|
|00004210| 20 70 65 72 6d 69 74 20 | 69 70 20 31 32 38 2e 38 | permit |ip 128.8|
|00004220| 38 2e 30 2e 30 20 30 2e | 30 2e 32 35 35 2e 32 35 |8.0.0 0.|0.255.25|
|00004230| 35 0a 20 20 20 20 20 20 | 20 20 20 31 32 38 2e 38 |5.      |   128.8|
|00004240| 38 2e 32 35 34 2e 32 20 | 30 2e 30 2e 30 2e 30 0a |8.254.2 |0.0.0.0.|
|00004250| 20 20 20 20 31 37 20 20 | 61 63 63 65 73 73 2d 6c |    17  |access-l|
|00004260| 69 73 74 20 31 31 20 64 | 65 6e 79 20 20 20 74 63 |ist 11 d|eny   tc|
|00004270| 70 20 31 32 38 2e 38 38 | 2e 30 2e 30 20 30 2e 30 |p 128.88|.0.0 0.0|
|00004280| 2e 32 35 35 2e 32 35 35 | 0a 20 20 20 20 20 20 20 |.255.255|.       |
|00004290| 20 20 30 2e 30 2e 30 2e | 30 20 32 35 35 2e 32 35 |  0.0.0.|0 255.25|
|000042a0| 35 2e 32 35 35 2e 32 35 | 35 20 65 71 20 32 35 0a |5.255.25|5 eq 25.|
|000042b0| 20 20 20 20 31 38 20 20 | 61 63 63 65 73 73 2d 6c |    18  |access-l|
|000042c0| 69 73 74 20 31 31 20 70 | 65 72 6d 69 74 20 74 63 |ist 11 p|ermit tc|
|000042d0| 70 20 31 32 38 2e 38 38 | 2e 30 2e 30 20 30 2e 30 |p 128.88|.0.0 0.0|
|000042e0| 2e 32 35 35 2e 32 35 35 | 0a 20 20 20 20 20 20 20 |.255.255|.       |
|000042f0| 20 20 30 2e 30 2e 30 2e | 30 20 32 35 35 2e 32 35 |  0.0.0.|0 255.25|
|00004300| 35 2e 32 35 35 2e 32 35 | 35 0a 0a 4c 69 6e 65 73 |5.255.25|5..Lines|
|00004310| 20 20 20 45 78 70 6c 61 | 6e 61 74 69 6f 6e 0a 3d |   Expla|nation.=|
|00004320| 3d 3d 3d 3d 20 20 20 3d | 3d 3d 3d 3d 3d 3d 3d 3d |====   =|========|
|00004330| 3d 3d 0a 20 20 20 20 31 | 20 20 20 41 6c 74 68 6f |==.    1|   Altho|
|00004340| 75 67 68 20 74 68 69 73 | 20 69 73 20 6e 6f 74 20 |ugh this| is not |
|00004350| 61 20 66 69 6c 74 65 72 | 69 6e 67 20 72 75 6c 65 |a filter|ing rule|
|00004360| 2c 20 69 74 20 69 73 20 | 67 6f 6f 64 20 74 6f 20 |, it is |good to |
|00004370| 69 6e 63 6c 75 64 65 20 | 68 65 72 65 2e 0a 0a 20 |include |here... |
|00004380| 20 20 20 35 20 20 20 45 | 74 68 65 72 6e 65 74 20 |   5   E|thernet |
|00004390| 30 20 69 73 20 6f 6e 20 | 74 68 65 20 72 65 64 20 |0 is on |the red |
|000043a0| 6e 65 74 2e 20 20 45 78 | 74 65 6e 64 65 64 20 61 |net.  Ex|tended a|
|000043b0| 63 63 65 73 73 20 6c 69 | 73 74 20 31 30 20 77 69 |ccess li|st 10 wi|
|000043c0| 6c 6c 0a 20 20 20 20 20 | 20 20 20 62 65 20 61 70 |ll.     |   be ap|
|000043d0| 70 6c 69 65 64 20 74 6f | 20 6f 75 74 70 75 74 20 |plied to| output |
|000043e0| 6f 6e 20 74 68 69 73 20 | 69 6e 74 65 72 66 61 63 |on this |interfac|
|000043f0| 65 2e 20 20 59 6f 75 20 | 63 61 6e 20 61 6c 73 6f |e.  You |can also|
|00004400| 0a 20 20 20 20 20 20 20 | 20 74 68 69 6e 6b 20 6f |.       | think o|
|00004410| 66 20 6f 75 74 70 75 74 | 20 66 72 6f 6d 20 74 68 |f output| from th|
|00004420| 65 20 72 65 64 20 6e 65 | 74 20 61 73 20 69 6e 70 |e red ne|t as inp|
|00004430| 75 74 20 6f 6e 20 74 68 | 65 20 62 6c 75 65 20 6e |ut on th|e blue n|
|00004440| 65 74 2e 0a 20 0a 20 20 | 20 20 39 20 20 20 45 74 |et.. .  |  9   Et|
|00004450| 68 65 72 6e 65 74 20 31 | 20 69 73 20 6f 6e 20 74 |hernet 1| is on t|
|00004460| 68 65 20 62 6c 75 65 20 | 6e 65 74 2e 20 20 45 78 |he blue |net.  Ex|
|00004470| 74 65 6e 64 65 64 20 61 | 63 63 65 73 73 20 6c 69 |tended a|ccess li|
|00004480| 73 74 20 31 31 20 77 69 | 6c 6c 0a 20 20 20 20 20 |st 11 wi|ll.     |
|00004490| 20 20 20 62 65 20 61 70 | 70 6c 69 65 64 20 74 6f |   be ap|plied to|
|000044a0| 20 6f 75 74 70 75 74 20 | 6f 6e 20 74 68 69 73 20 | output |on this |
|000044b0| 69 6e 74 65 72 66 61 63 | 65 2e 0a 0a 20 20 20 31 |interfac|e...   1|
|000044c0| 31 20 20 20 41 6c 6c 6f | 77 20 61 6c 6c 20 74 72 |1   Allo|w all tr|
|000044d0| 61 66 66 69 63 20 66 72 | 6f 6d 20 74 68 65 20 67 |affic fr|om the g|
|000044e0| 61 74 65 77 61 79 20 6d | 61 63 68 69 6e 65 20 74 |ateway m|achine t|
|000044f0| 6f 20 74 68 65 20 62 6c | 75 65 20 6e 65 74 2e 0a |o the bl|ue net..|
|00004500| 0a 31 32 2d 31 34 20 20 | 20 41 6c 6c 6f 77 20 63 |.12-14  | Allow c|
|00004510| 6f 6e 6e 65 63 74 69 6f | 6e 73 20 6f 72 69 67 69 |onnectio|ns origi|
|00004520| 6e 61 74 69 6e 67 20 66 | 72 6f 6d 20 74 68 65 20 |nating f|rom the |
|00004530| 72 65 64 20 6e 65 74 20 | 74 68 61 74 20 63 6f 6d |red net |that com|
|00004540| 65 20 69 6e 0a 20 20 20 | 20 20 20 20 20 62 65 74 |e in.   |     bet|
|00004550| 77 65 65 6e 20 70 6f 72 | 74 73 20 31 30 32 34 20 |ween por|ts 1024 |
|00004560| 61 6e 64 20 35 30 30 30 | 2e 20 20 54 68 69 73 20 |and 5000|.  This |
|00004570| 69 73 20 74 6f 20 61 6c | 6c 6f 77 20 66 74 70 20 |is to al|low ftp |
|00004580| 64 61 74 61 0a 20 20 20 | 20 20 20 20 20 63 6f 6e |data.   |     con|
|00004590| 6e 65 63 74 69 6f 6e 73 | 20 62 61 63 6b 20 69 6e |nections| back in|
|000045a0| 74 6f 20 74 68 65 20 62 | 6c 75 65 20 6e 65 74 2e |to the b|lue net.|
|000045b0| 20 20 35 30 30 30 20 77 | 61 73 20 63 68 6f 73 65 |  5000 w|as chose|
|000045c0| 6e 20 61 73 20 74 68 65 | 0a 20 20 20 20 20 20 20 |n as the|.       |
|000045d0| 20 75 70 70 65 72 20 6c | 69 6d 69 74 20 61 73 20 | upper l|imit as |
|000045e0| 69 74 20 69 73 20 77 68 | 65 72 65 20 4f 70 65 6e |it is wh|ere Open|
|000045f0| 56 69 65 77 20 73 74 61 | 72 74 73 2e 0a 0a 20 20 |View sta|rts...  |
|00004600| 20 20 20 20 20 20 4e 6f | 74 65 3a 20 61 67 61 69 |      No|te: agai|
|00004610| 6e 2c 20 77 65 20 61 72 | 65 20 61 73 73 75 6d 69 |n, we ar|e assumi|
|00004620| 6e 67 20 74 68 69 73 20 | 69 73 20 61 63 63 65 70 |ng this |is accep|
|00004630| 74 61 62 6c 65 20 66 6f | 72 20 74 68 65 20 67 69 |table fo|r the gi|
|00004640| 76 65 6e 20 70 6f 6c 69 | 63 79 2e 0a 20 20 20 20 |ven poli|cy..    |
|00004650| 20 20 20 20 20 20 20 20 | 20 20 54 68 65 72 65 20 |        |  There |
|00004660| 69 73 20 6e 6f 20 77 61 | 79 20 74 6f 20 74 65 6c |is no wa|y to tel|
|00004670| 6c 20 61 20 43 69 73 63 | 6f 20 74 6f 20 66 69 6c |l a Cisc|o to fil|
|00004680| 74 65 72 20 6f 6e 20 73 | 6f 75 72 63 65 20 70 6f |ter on s|ource po|
|00004690| 72 74 2e 0a 20 20 20 20 | 20 20 20 20 20 20 20 20 |rt..    |        |
|000046a0| 20 20 4e 65 77 65 72 20 | 76 65 72 73 69 6f 6e 73 |  Newer |versions|
|000046b0| 20 6f 66 20 74 68 65 20 | 43 69 73 63 6f 20 66 69 | of the |Cisco fi|
|000046c0| 72 6d 77 61 72 65 20 77 | 69 6c 6c 20 61 70 70 61 |rmware w|ill appa|
|000046d0| 72 65 6e 74 6c 79 20 73 | 75 70 70 6f 72 74 0a 20 |rently s|upport. |
|000046e0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 73 6f 75 |        |     sou|
|000046f0| 72 63 65 20 70 6f 72 74 | 20 66 69 6c 74 65 72 69 |rce port| filteri|
|00004700| 6e 67 2e 0a 20 20 20 0a | 20 20 20 20 20 20 20 20 |ng..   .|        |
|00004710| 53 69 6e 63 65 20 74 68 | 65 20 72 75 6c 65 73 20 |Since th|e rules |
|00004720| 61 72 65 20 74 65 73 74 | 65 64 20 75 6e 74 69 6c |are test|ed until|
|00004730| 20 74 68 65 20 66 69 72 | 73 74 20 6d 61 74 63 68 | the fir|st match|
|00004740| 20 77 65 20 6d 75 73 74 | 20 75 73 65 20 74 68 69 | we must| use thi|
|00004750| 73 0a 20 20 20 20 20 20 | 20 20 72 61 74 68 65 72 |s.      |  rather|
|00004760| 20 6f 62 74 75 73 65 20 | 73 79 6e 74 61 78 2e 0a | obtuse |syntax..|
|00004770| 0a 20 20 20 31 36 20 20 | 20 41 6c 6c 6f 77 20 61 |.   16  | Allow a|
|00004780| 6c 6c 20 62 6c 75 65 20 | 6e 65 74 20 70 61 63 6b |ll blue |net pack|
|00004790| 65 74 73 20 74 6f 20 74 | 68 65 20 67 61 74 65 77 |ets to t|he gatew|
|000047a0| 61 79 20 6d 61 63 68 69 | 6e 65 2e 0a 0a 20 20 20 |ay machi|ne...   |
|000047b0| 31 37 20 20 20 44 65 6e | 79 20 53 4d 54 50 20 28 |17   Den|y SMTP (|
|000047c0| 74 63 70 20 70 6f 72 74 | 20 32 35 29 20 6d 61 69 |tcp port| 25) mai|
|000047d0| 6c 20 74 6f 20 74 68 65 | 20 72 65 64 20 6e 65 74 |l to the| red net|
|000047e0| 2e 0a 0a 20 20 20 31 38 | 20 20 20 41 6c 6c 6f 77 |...   18|   Allow|
|000047f0| 20 61 6c 6c 20 6f 74 68 | 65 72 20 54 43 50 20 74 | all oth|er TCP t|
|00004800| 72 61 66 66 69 63 20 74 | 6f 20 74 68 65 20 72 65 |raffic t|o the re|
|00004810| 64 20 6e 65 74 2e 0a 0a | 0a 43 69 73 63 6f 2e 43 |d net...|.Cisco.C|
|00004820| 6f 6d 20 68 61 73 20 61 | 6e 20 61 72 63 68 69 76 |om has a|n archiv|
|00004830| 65 20 6f 66 20 65 78 61 | 6d 70 6c 65 73 20 66 6f |e of exa|mples fo|
|00004840| 72 20 62 75 69 6c 64 69 | 6e 67 20 66 69 72 65 77 |r buildi|ng firew|
|00004850| 61 6c 6c 73 0a 75 73 69 | 6e 67 20 43 69 73 63 6f |alls.usi|ng Cisco|
|00004860| 20 72 6f 75 74 65 72 73 | 2c 20 61 76 61 69 6c 61 | routers|, availa|
|00004870| 62 6c 65 20 66 6f 72 20 | 46 54 50 20 66 72 6f 6d |ble for |FTP from|
|00004880| 3a 20 66 74 70 2e 63 69 | 73 63 6f 2e 63 6f 6d 0a |: ftp.ci|sco.com.|
|00004890| 69 6e 20 20 2f 70 75 62 | 2f 61 63 6c 2d 65 78 61 |in  /pub|/acl-exa|
|000048a0| 6d 70 6c 65 73 2e 74 61 | 72 2e 5a 0a 0a 2d 2d 2d |mples.ta|r.Z..---|
|000048b0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000048c0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 0a 0a 44 61 74 |--------|---..Dat|
|000048d0| 65 3a 20 54 68 75 20 4d | 61 72 20 33 20 31 33 3a |e: Thu M|ar 3 13:|
|000048e0| 35 32 3a 34 37 20 31 39 | 39 34 0a 46 72 6f 6d 3a |52:47 19|94.From:|
|000048f0| 20 46 77 61 6c 6c 73 2d | 46 41 51 40 74 69 73 2e | Fwalls-|FAQ@tis.|
|00004900| 63 6f 6d 0a 53 75 62 6a | 65 63 74 3a 20 31 32 3a |com.Subj|ect: 12:|
|00004910| 20 48 6f 77 20 64 6f 20 | 49 20 6d 61 6b 65 20 44 | How do |I make D|
|00004920| 4e 53 20 77 6f 72 6b 20 | 77 69 74 68 20 61 20 66 |NS work |with a f|
|00004930| 69 72 65 77 61 6c 6c 3f | 0a 0a 53 6f 6d 65 20 6f |irewall?|..Some o|
|00004940| 72 67 61 6e 69 7a 61 74 | 69 6f 6e 73 20 77 61 6e |rganizat|ions wan|
|00004950| 74 20 74 6f 20 68 69 64 | 65 20 44 4e 53 20 6e 61 |t to hid|e DNS na|
|00004960| 6d 65 73 20 66 72 6f 6d | 20 74 68 65 20 6f 75 74 |mes from| the out|
|00004970| 73 69 64 65 2e 0a 4d 61 | 6e 79 20 65 78 70 65 72 |side..Ma|ny exper|
|00004980| 74 73 20 64 69 73 61 67 | 72 65 65 20 61 73 20 74 |ts disag|ree as t|
|00004990| 6f 20 77 68 65 74 68 65 | 72 20 6f 72 20 6e 6f 74 |o whethe|r or not|
|000049a0| 20 68 69 64 69 6e 67 20 | 44 4e 53 20 6e 61 6d 65 | hiding |DNS name|
|000049b0| 73 0a 69 73 20 77 6f 72 | 74 68 77 68 69 6c 65 2c |s.is wor|thwhile,|
|000049c0| 20 62 75 74 20 69 66 20 | 73 69 74 65 2f 63 6f 72 | but if |site/cor|
|000049d0| 70 6f 72 61 74 65 20 70 | 6f 6c 69 63 79 20 6d 61 |porate p|olicy ma|
|000049e0| 6e 64 61 74 65 73 20 68 | 69 64 69 6e 67 0a 64 6f |ndates h|iding.do|
|000049f0| 6d 61 69 6e 20 6e 61 6d | 65 73 2c 20 74 68 69 73 |main nam|es, this|
|00004a00| 20 69 73 20 6f 6e 65 20 | 61 70 70 72 6f 61 63 68 | is one |approach|
|00004a10| 20 74 68 61 74 20 69 73 | 20 6b 6e 6f 77 6e 20 74 | that is| known t|
|00004a20| 6f 20 77 6f 72 6b 2e 0a | 0a 54 68 69 73 20 61 70 |o work..|.This ap|
|00004a30| 70 72 6f 61 63 68 20 69 | 73 20 6f 6e 65 20 6f 66 |proach i|s one of|
|00004a40| 20 6d 61 6e 79 2c 20 61 | 6e 64 20 69 73 20 75 73 | many, a|nd is us|
|00004a50| 65 66 75 6c 20 66 6f 72 | 0a 6f 72 67 61 6e 69 7a |eful for|.organiz|
|00004a60| 61 74 69 6f 6e 73 20 74 | 68 61 74 20 77 69 73 68 |ations t|hat wish|
|00004a70| 20 74 6f 20 68 69 64 65 | 20 74 68 65 69 72 20 68 | to hide| their h|
|00004a80| 6f 73 74 20 6e 61 6d 65 | 73 20 66 72 6f 6d 20 74 |ost name|s from t|
|00004a90| 68 65 0a 49 6e 74 65 72 | 6e 65 74 2e 20 54 68 65 |he.Inter|net. The|
|00004aa0| 20 73 75 63 63 65 73 73 | 20 6f 66 20 74 68 69 73 | success| of this|
|00004ab0| 20 61 70 70 72 6f 61 63 | 68 20 6c 69 65 73 20 6f | approac|h lies o|
|00004ac0| 6e 20 74 68 65 20 66 61 | 63 74 20 74 68 61 74 0a |n the fa|ct that.|
|00004ad0| 44 4e 53 20 63 6c 69 65 | 6e 74 73 20 6f 6e 20 61 |DNS clie|nts on a|
|00004ae0| 20 6d 61 63 68 69 6e 65 | 20 64 6f 6e 27 74 20 68 | machine| don't h|
|00004af0| 61 76 65 20 74 6f 20 74 | 61 6c 6b 20 74 6f 20 61 |ave to t|alk to a|
|00004b00| 20 44 4e 53 20 73 65 72 | 76 65 72 0a 6f 6e 20 74 | DNS ser|ver.on t|
|00004b10| 68 61 74 20 73 61 6d 65 | 20 6d 61 63 68 69 6e 65 |hat same| machine|
|00004b20| 2e 20 20 49 6e 20 6f 74 | 68 65 72 20 77 6f 72 64 |.  In ot|her word|
|00004b30| 73 2c 20 6a 75 73 74 20 | 62 65 63 61 75 73 65 20 |s, just |because |
|00004b40| 74 68 65 72 65 27 73 0a | 61 20 44 4e 53 20 73 65 |there's.|a DNS se|
|00004b50| 72 76 65 72 20 6f 6e 20 | 61 20 6d 61 63 68 69 6e |rver on |a machin|
|00004b60| 65 2c 20 74 68 65 72 65 | 27 73 20 6e 6f 74 68 69 |e, there|'s nothi|
|00004b70| 6e 67 20 77 72 6f 6e 67 | 20 77 69 74 68 20 28 61 |ng wrong| with (a|
|00004b80| 6e 64 0a 74 68 65 72 65 | 20 61 72 65 20 6f 66 74 |nd.there| are oft|
|00004b90| 65 6e 20 61 64 76 61 6e | 74 61 67 65 73 20 74 6f |en advan|tages to|
|00004ba0| 29 20 72 65 64 69 72 65 | 63 74 69 6e 67 20 74 68 |) redire|cting th|
|00004bb0| 61 74 20 6d 61 63 68 69 | 6e 65 27 73 0a 44 4e 53 |at machi|ne's.DNS|
|00004bc0| 20 63 6c 69 65 6e 74 20 | 61 63 74 69 76 69 74 79 | client |activity|
|00004bd0| 20 74 6f 20 61 20 44 4e | 53 20 73 65 72 76 65 72 | to a DN|S server|
|00004be0| 20 6f 6e 20 61 6e 6f 74 | 68 65 72 20 6d 61 63 68 | on anot|her mach|
|00004bf0| 69 6e 65 2e 0a 0a 46 69 | 72 73 74 2c 20 79 6f 75 |ine...Fi|rst, you|
|00004c00| 20 73 65 74 20 75 70 20 | 61 20 44 4e 53 20 73 65 | set up |a DNS se|
|00004c10| 72 76 65 72 20 6f 6e 20 | 74 68 65 20 62 61 73 74 |rver on |the bast|
|00004c20| 69 6f 6e 20 68 6f 73 74 | 20 74 68 61 74 20 74 68 |ion host| that th|
|00004c30| 65 0a 6f 75 74 73 69 64 | 65 20 77 6f 72 6c 64 20 |e.outsid|e world |
|00004c40| 63 61 6e 20 74 61 6c 6b | 20 74 6f 2e 20 59 6f 75 |can talk| to. You|
|00004c50| 20 73 65 74 20 74 68 69 | 73 20 73 65 72 76 65 72 | set thi|s server|
|00004c60| 20 75 70 20 73 6f 20 74 | 68 61 74 20 69 74 0a 63 | up so t|hat it.c|
|00004c70| 6c 61 69 6d 73 20 74 6f | 20 62 65 20 61 75 74 68 |laims to| be auth|
|00004c80| 6f 72 69 74 61 74 69 76 | 65 20 66 6f 72 20 79 6f |oritativ|e for yo|
|00004c90| 75 72 20 64 6f 6d 61 69 | 6e 73 2e 20 20 49 6e 20 |ur domai|ns.  In |
|00004ca0| 66 61 63 74 2c 20 61 6c | 6c 0a 74 68 69 73 20 73 |fact, al|l.this s|
|00004cb0| 65 72 76 65 72 20 6b 6e | 6f 77 73 20 69 73 20 77 |erver kn|ows is w|
|00004cc0| 68 61 74 20 79 6f 75 20 | 77 61 6e 74 20 74 68 65 |hat you |want the|
|00004cd0| 20 6f 75 74 73 69 64 65 | 20 77 6f 72 6c 64 20 74 | outside| world t|
|00004ce0| 6f 0a 6b 6e 6f 77 3b 20 | 74 68 65 20 6e 61 6d 65 |o.know; |the name|
|00004cf0| 73 20 61 6e 64 20 61 64 | 64 72 65 73 73 65 73 20 |s and ad|dresses |
|00004d00| 6f 66 20 79 6f 75 72 20 | 67 61 74 65 77 61 79 73 |of your |gateways|
|00004d10| 2c 20 79 6f 75 72 0a 77 | 69 6c 64 63 61 72 64 20 |, your.w|ildcard |
|00004d20| 4d 58 20 72 65 63 6f 72 | 64 73 2c 20 61 6e 64 20 |MX recor|ds, and |
|00004d30| 73 6f 20 66 6f 72 74 68 | 2e 20 20 54 68 69 73 20 |so forth|.  This |
|00004d40| 69 73 20 74 68 65 20 22 | 70 75 62 6c 69 63 22 0a |is the "|public".|
|00004d50| 73 65 72 76 65 72 2e 0a | 0a 54 68 65 6e 2c 20 79 |server..|.Then, y|
|00004d60| 6f 75 20 73 65 74 20 75 | 70 20 61 20 44 4e 53 20 |ou set u|p a DNS |
|00004d70| 73 65 72 76 65 72 20 6f | 6e 20 61 6e 20 69 6e 74 |server o|n an int|
|00004d80| 65 72 6e 61 6c 20 6d 61 | 63 68 69 6e 65 2e 20 20 |ernal ma|chine.  |
|00004d90| 54 68 69 73 0a 73 65 72 | 76 65 72 20 61 6c 73 6f |This.ser|ver also|
|00004da0| 20 63 6c 61 69 6d 73 20 | 74 6f 20 62 65 20 61 75 | claims |to be au|
|00004db0| 74 68 6f 72 69 74 69 61 | 74 69 76 65 20 66 6f 72 |thoritia|tive for|
|00004dc0| 20 79 6f 75 72 20 64 6f | 6d 61 69 6e 73 3b 0a 75 | your do|mains;.u|
|00004dd0| 6e 6c 69 6b 65 20 74 68 | 65 20 70 75 62 6c 69 63 |nlike th|e public|
|00004de0| 20 73 65 72 76 65 72 2c | 20 74 68 69 73 20 6f 6e | server,| this on|
|00004df0| 65 20 69 73 20 74 65 6c | 6c 69 6e 67 20 74 68 65 |e is tel|ling the|
|00004e00| 20 74 72 75 74 68 2e 0a | 54 68 69 73 20 69 73 20 | truth..|This is |
|00004e10| 79 6f 75 72 20 22 6e 6f | 72 6d 61 6c 22 20 6e 61 |your "no|rmal" na|
|00004e20| 6d 65 73 65 72 76 65 72 | 2c 20 69 6e 74 6f 20 77 |meserver|, into w|
|00004e30| 68 69 63 68 20 79 6f 75 | 20 70 75 74 20 61 6c 6c |hich you| put all|
|00004e40| 0a 79 6f 75 72 20 22 6e | 6f 72 6d 61 6c 22 20 44 |.your "n|ormal" D|
|00004e50| 4e 53 20 73 74 75 66 66 | 2e 20 20 59 6f 75 20 61 |NS stuff|.  You a|
|00004e60| 6c 73 6f 20 73 65 74 20 | 74 68 69 73 20 73 65 72 |lso set |this ser|
|00004e70| 76 65 72 20 75 70 20 74 | 6f 0a 66 6f 72 77 61 72 |ver up t|o.forwar|
|00004e80| 64 20 71 75 65 72 69 65 | 73 20 74 68 61 74 20 69 |d querie|s that i|
|00004e90| 74 20 63 61 6e 27 74 20 | 72 65 73 6f 6c 76 65 20 |t can't |resolve |
|00004ea0| 74 6f 20 74 68 65 20 70 | 75 62 6c 69 63 20 73 65 |to the p|ublic se|
|00004eb0| 72 76 65 72 0a 28 75 73 | 69 6e 67 20 61 20 22 66 |rver.(us|ing a "f|
|00004ec0| 6f 72 77 61 72 64 65 72 | 73 22 20 6c 69 6e 65 20 |orwarder|s" line |
|00004ed0| 69 6e 20 2f 65 74 63 2f | 6e 61 6d 65 64 2e 62 6f |in /etc/|named.bo|
|00004ee0| 6f 74 20 6f 6e 20 61 20 | 55 4e 49 58 0a 6d 61 63 |ot on a |UNIX.mac|
|00004ef0| 68 69 6e 65 2c 20 66 6f | 72 20 65 78 61 6d 70 6c |hine, fo|r exampl|
|00004f00| 65 29 2e 0a 0a 46 69 6e | 61 6c 6c 79 2c 20 79 6f |e)...Fin|ally, yo|
|00004f10| 75 20 73 65 74 20 75 70 | 20 61 6c 6c 20 79 6f 75 |u set up| all you|
|00004f20| 72 20 44 4e 53 20 63 6c | 69 65 6e 74 73 20 28 74 |r DNS cl|ients (t|
|00004f30| 68 65 0a 2f 65 74 63 2f | 72 65 73 6f 6c 76 2e 63 |he./etc/|resolv.c|
|00004f40| 6f 6e 66 20 66 69 6c 65 | 20 6f 6e 20 61 20 55 4e |onf file| on a UN|
|00004f50| 49 58 20 62 6f 78 2c 20 | 66 6f 72 20 69 6e 73 74 |IX box, |for inst|
|00004f60| 61 6e 63 65 29 2c 0a 69 | 6e 63 6c 75 64 69 6e 67 |ance),.i|ncluding|
|00004f70| 20 74 68 65 20 6f 6e 65 | 73 20 6f 6e 20 74 68 65 | the one|s on the|
|00004f80| 20 6d 61 63 68 69 6e 65 | 20 77 69 74 68 20 74 68 | machine| with th|
|00004f90| 65 20 70 75 62 6c 69 63 | 20 73 65 72 76 65 72 2c |e public| server,|
|00004fa0| 20 74 6f 0a 75 73 65 20 | 74 68 65 20 69 6e 74 65 | to.use |the inte|
|00004fb0| 72 6e 61 6c 20 73 65 72 | 76 65 72 2e 20 20 54 68 |rnal ser|ver.  Th|
|00004fc0| 69 73 20 69 73 20 74 68 | 65 20 6b 65 79 2e 0a 0a |is is th|e key...|
|00004fd0| 41 6e 20 69 6e 74 65 72 | 6e 61 6c 20 63 6c 69 65 |An inter|nal clie|
|00004fe0| 6e 74 20 61 73 6b 69 6e | 67 20 61 62 6f 75 74 20 |nt askin|g about |
|00004ff0| 61 6e 20 69 6e 74 65 72 | 6e 61 6c 20 68 6f 73 74 |an inter|nal host|
|00005000| 20 61 73 6b 73 20 74 68 | 65 0a 69 6e 74 65 72 6e | asks th|e.intern|
|00005010| 61 6c 20 73 65 72 76 65 | 72 2c 20 61 6e 64 20 67 |al serve|r, and g|
|00005020| 65 74 73 20 61 6e 20 61 | 6e 73 77 65 72 3b 20 61 |ets an a|nswer; a|
|00005030| 6e 20 69 6e 74 65 72 6e | 61 6c 20 63 6c 69 65 6e |n intern|al clien|
|00005040| 74 0a 61 73 6b 69 6e 67 | 20 61 62 6f 75 74 20 61 |t.asking| about a|
|00005050| 6e 20 65 78 74 65 72 6e | 61 6c 20 68 6f 73 74 20 |n extern|al host |
|00005060| 61 73 6b 73 20 74 68 65 | 20 69 6e 74 65 72 6e 61 |asks the| interna|
|00005070| 6c 20 73 65 72 76 65 72 | 2c 0a 77 68 69 63 68 20 |l server|,.which |
|00005080| 61 73 6b 73 20 74 68 65 | 20 70 75 62 6c 69 63 20 |asks the| public |
|00005090| 73 65 72 76 65 72 2c 20 | 77 68 69 63 68 20 61 73 |server, |which as|
|000050a0| 6b 73 20 74 68 65 20 49 | 6e 74 65 72 6e 65 74 2c |ks the I|nternet,|
|000050b0| 20 61 6e 64 0a 74 68 65 | 20 61 6e 73 77 65 72 20 | and.the| answer |
|000050c0| 69 73 20 72 65 6c 61 79 | 65 64 20 62 61 63 6b 2e |is relay|ed back.|
|000050d0| 20 20 41 20 63 6c 69 65 | 6e 74 20 6f 6e 20 74 68 |  A clie|nt on th|
|000050e0| 65 20 70 75 62 6c 69 63 | 20 73 65 72 76 65 72 0a |e public| server.|
|000050f0| 77 6f 72 6b 73 20 6a 75 | 73 74 20 74 68 65 20 73 |works ju|st the s|
|00005100| 61 6d 65 20 77 61 79 2e | 20 20 41 6e 20 65 78 74 |ame way.|  An ext|
|00005110| 65 72 6e 61 6c 20 63 6c | 69 65 6e 74 2c 20 68 6f |ernal cl|ient, ho|
|00005120| 77 65 76 65 72 2c 0a 61 | 73 6b 69 6e 67 20 61 62 |wever,.a|sking ab|
|00005130| 6f 75 74 20 61 6e 20 69 | 6e 74 65 72 6e 61 6c 20 |out an i|nternal |
|00005140| 68 6f 73 74 20 67 65 74 | 73 20 62 61 63 6b 20 74 |host get|s back t|
|00005150| 68 65 20 22 72 65 73 74 | 72 69 63 74 65 64 22 0a |he "rest|ricted".|
|00005160| 61 6e 73 77 65 72 20 66 | 72 6f 6d 20 74 68 65 20 |answer f|rom the |
|00005170| 70 75 62 6c 69 63 20 73 | 65 72 76 65 72 2e 0a 0a |public s|erver...|
|00005180| 54 68 69 73 20 61 70 70 | 72 6f 61 63 68 20 61 73 |This app|roach as|
|00005190| 73 75 6d 65 73 20 74 68 | 61 74 20 74 68 65 72 65 |sumes th|at there|
|000051a0| 27 73 20 61 20 70 61 63 | 6b 65 74 20 66 69 6c 74 |'s a pac|ket filt|
|000051b0| 65 72 69 6e 67 0a 66 69 | 72 65 77 61 6c 6c 20 62 |ering.fi|rewall b|
|000051c0| 65 74 77 65 65 6e 20 74 | 68 65 73 65 20 74 77 6f |etween t|hese two|
|000051d0| 20 73 65 72 76 65 72 73 | 20 74 68 61 74 20 77 69 | servers| that wi|
|000051e0| 6c 6c 20 61 6c 6c 6f 77 | 20 74 68 65 6d 20 74 6f |ll allow| them to|
|000051f0| 0a 74 61 6c 6b 20 44 4e | 53 20 74 6f 20 65 61 63 |.talk DN|S to eac|
|00005200| 68 20 6f 74 68 65 72 2c | 20 62 75 74 20 6f 74 68 |h other,| but oth|
|00005210| 65 72 77 69 73 65 20 72 | 65 73 74 72 69 63 74 73 |erwise r|estricts|
|00005220| 20 44 4e 53 20 62 65 74 | 77 65 65 6e 0a 6f 74 68 | DNS bet|ween.oth|
|00005230| 65 72 20 68 6f 73 74 73 | 2e 0a 0a 41 6e 6f 74 68 |er hosts|...Anoth|
|00005240| 65 72 20 74 72 69 63 6b | 20 74 68 61 74 27 73 20 |er trick| that's |
|00005250| 75 73 65 66 75 6c 20 69 | 6e 20 74 68 69 73 20 73 |useful i|n this s|
|00005260| 63 68 65 6d 65 20 69 73 | 20 74 6f 20 65 6d 70 6c |cheme is| to empl|
|00005270| 6f 79 0a 77 69 6c 64 63 | 61 72 64 20 50 54 52 20 |oy.wildc|ard PTR |
|00005280| 72 65 63 6f 72 64 73 20 | 69 6e 20 79 6f 75 72 20 |records |in your |
|00005290| 49 4e 2d 41 44 44 52 2e | 41 52 50 41 20 64 6f 6d |IN-ADDR.|ARPA dom|
|000052a0| 61 69 6e 73 2e 20 54 68 | 65 73 65 0a 63 61 75 73 |ains. Th|ese.caus|
|000052b0| 65 20 61 6e 20 61 6e 20 | 61 64 64 72 65 73 73 2d |e an an |address-|
|000052c0| 74 6f 2d 6e 61 6d 65 20 | 6c 6f 6f 6b 75 70 20 66 |to-name |lookup f|
|000052d0| 6f 72 20 61 6e 79 20 6f | 66 20 79 6f 75 72 20 6e |or any o|f your n|
|000052e0| 6f 6e 2d 0a 70 75 62 6c | 69 63 20 68 6f 73 74 73 |on-.publ|ic hosts|
|000052f0| 20 74 6f 20 72 65 74 75 | 72 6e 20 73 6f 6d 65 74 | to retu|rn somet|
|00005300| 68 69 6e 67 20 6c 69 6b | 65 20 22 75 6e 6b 6e 6f |hing lik|e "unkno|
|00005310| 77 6e 2e 59 4f 55 52 2e | 44 4f 4d 41 49 4e 22 0a |wn.YOUR.|DOMAIN".|
|00005320| 72 61 74 68 65 72 20 74 | 68 61 6e 20 61 6e 20 65 |rather t|han an e|
|00005330| 72 72 6f 72 2e 20 20 54 | 68 69 73 20 73 61 74 69 |rror.  T|his sati|
|00005340| 73 66 69 65 73 20 61 6e | 6f 6e 79 6d 6f 75 73 20 |sfies an|onymous |
|00005350| 46 54 50 20 73 69 74 65 | 73 0a 6c 69 6b 65 20 66 |FTP site|s.like f|
|00005360| 74 70 2e 75 75 2e 6e 65 | 74 20 74 68 61 74 20 69 |tp.uu.ne|t that i|
|00005370| 6e 73 69 73 74 20 6f 6e | 20 68 61 76 69 6e 67 20 |nsist on| having |
|00005380| 61 20 6e 61 6d 65 20 66 | 6f 72 20 74 68 65 0a 6d |a name f|or the.m|
|00005390| 61 63 68 69 6e 65 73 20 | 74 68 65 79 20 74 61 6c |achines |they tal|
|000053a0| 6b 20 74 6f 2e 20 54 68 | 69 73 20 6d 61 79 20 66 |k to. Th|is may f|
|000053b0| 61 69 6c 20 77 68 65 6e | 20 74 61 6c 6b 69 6e 67 |ail when| talking|
|000053c0| 20 74 6f 20 73 69 74 65 | 73 0a 74 68 61 74 20 64 | to site|s.that d|
|000053d0| 6f 20 61 20 44 4e 53 20 | 63 72 6f 73 73 2d 63 68 |o a DNS |cross-ch|
|000053e0| 65 63 6b 20 69 6e 20 77 | 68 69 63 68 20 74 68 65 |eck in w|hich the|
|000053f0| 20 68 6f 73 74 20 6e 61 | 6d 65 20 69 73 20 6d 61 | host na|me is ma|
|00005400| 74 63 68 65 64 0a 61 67 | 61 69 6e 73 74 20 69 74 |tched.ag|ainst it|
|00005410| 73 20 61 64 64 72 65 73 | 73 20 61 6e 64 20 76 69 |s addres|s and vi|
|00005420| 63 65 20 76 65 72 73 61 | 2e 0a 0a 4e 6f 74 65 20 |ce versa|...Note |
|00005430| 74 68 61 74 20 68 69 64 | 69 6e 67 20 6e 61 6d 65 |that hid|ing name|
|00005440| 73 20 69 6e 20 74 68 65 | 20 44 4e 53 20 64 6f 65 |s in the| DNS doe|
|00005450| 73 6e 27 74 20 61 64 64 | 72 65 73 73 20 74 68 65 |sn't add|ress the|
|00005460| 0a 70 72 6f 62 6c 65 6d | 20 6f 66 20 68 6f 73 74 |.problem| of host|
|00005470| 20 6e 61 6d 65 73 20 22 | 6c 65 61 6b 69 6e 67 22 | names "|leaking"|
|00005480| 20 6f 75 74 20 69 6e 20 | 6d 61 69 6c 20 68 65 61 | out in |mail hea|
|00005490| 64 65 72 73 2c 0a 6e 65 | 77 73 20 61 72 74 69 63 |ders,.ne|ws artic|
|000054a0| 6c 65 73 2c 20 65 74 63 | 2e 0a 0a 2d 2d 2d 2d 2d |les, etc|...-----|
|000054b0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000054c0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 0a 0a 44 61 74 65 3a |--------|-..Date:|
|000054d0| 20 54 68 75 20 4d 61 72 | 20 33 20 32 31 3a 31 34 | Thu Mar| 3 21:14|
|000054e0| 3a 32 34 20 31 39 39 34 | 0a 46 72 6f 6d 3a 20 46 |:24 1994|.From: F|
|000054f0| 77 61 6c 6c 73 2d 46 41 | 51 40 74 69 73 2e 63 6f |walls-FA|Q@tis.co|
|00005500| 6d 0a 53 75 62 6a 65 63 | 74 3a 20 31 33 3a 20 48 |m.Subjec|t: 13: H|
|00005510| 6f 77 20 64 6f 20 49 20 | 6d 61 6b 65 20 46 54 50 |ow do I |make FTP|
|00005520| 20 77 6f 72 6b 20 74 68 | 72 6f 75 67 68 20 6d 79 | work th|rough my|
|00005530| 20 66 69 72 65 77 61 6c | 6c 3f 0a 0a 47 65 6e 65 | firewal|l?..Gene|
|00005540| 72 61 6c 6c 79 2c 20 6d | 61 6b 69 6e 67 20 46 54 |rally, m|aking FT|
|00005550| 50 20 77 6f 72 6b 20 74 | 68 72 6f 75 67 68 20 74 |P work t|hrough t|
|00005560| 68 65 20 66 69 72 65 77 | 61 6c 6c 20 69 73 20 64 |he firew|all is d|
|00005570| 6f 6e 65 0a 65 69 74 68 | 65 72 20 75 73 69 6e 67 |one.eith|er using|
|00005580| 20 61 20 70 72 6f 78 79 | 20 73 65 72 76 65 72 20 | a proxy| server |
|00005590| 6f 72 20 62 79 20 70 65 | 72 6d 69 74 74 69 6e 67 |or by pe|rmitting|
|000055a0| 20 69 6e 63 6f 6d 69 6e | 67 0a 63 6f 6e 6e 65 63 | incomin|g.connec|
|000055b0| 74 69 6f 6e 73 20 74 6f | 20 74 68 65 20 6e 65 74 |tions to| the net|
|000055c0| 77 6f 72 6b 20 61 74 20 | 61 20 72 65 73 74 72 69 |work at |a restri|
|000055d0| 63 74 65 64 20 70 6f 72 | 74 20 72 61 6e 67 65 2c |cted por|t range,|
|000055e0| 20 61 6e 64 0a 6f 74 68 | 65 72 77 69 73 65 20 72 | and.oth|erwise r|
|000055f0| 65 73 74 72 69 63 74 69 | 6e 67 20 69 6e 63 6f 6d |estricti|ng incom|
|00005600| 69 6e 67 20 63 6f 6e 6e | 65 63 74 69 6f 6e 73 20 |ing conn|ections |
|00005610| 75 73 69 6e 67 20 73 6f | 6d 65 74 68 69 6e 67 0a |using so|mething.|
|00005620| 6c 69 6b 65 20 22 65 73 | 74 61 62 6c 69 73 68 65 |like "es|tablishe|
|00005630| 64 22 20 73 63 72 65 65 | 6e 69 6e 67 20 72 75 6c |d" scree|ning rul|
|00005640| 65 73 2e 20 54 68 65 20 | 46 54 50 20 63 6c 69 65 |es. The |FTP clie|
|00005650| 6e 74 20 69 73 20 74 68 | 65 6e 0a 6d 6f 64 69 66 |nt is th|en.modif|
|00005660| 69 65 64 20 74 6f 20 62 | 69 6e 64 20 74 68 65 20 |ied to b|ind the |
|00005670| 64 61 74 61 20 70 6f 72 | 74 20 74 6f 20 61 20 70 |data por|t to a p|
|00005680| 6f 72 74 20 77 69 74 68 | 69 6e 20 74 68 61 74 20 |ort with|in that |
|00005690| 72 61 6e 67 65 2e 0a 54 | 68 69 73 20 65 6e 74 61 |range..T|his enta|
|000056a0| 69 6c 73 20 62 65 69 6e | 67 20 61 62 6c 65 20 74 |ils bein|g able t|
|000056b0| 6f 20 6d 6f 64 69 66 79 | 20 74 68 65 20 46 54 50 |o modify| the FTP|
|000056c0| 20 63 6c 69 65 6e 74 20 | 61 70 70 6c 69 63 61 74 | client |applicat|
|000056d0| 69 6f 6e 0a 6f 6e 20 69 | 6e 74 65 72 6e 61 6c 20 |ion.on i|nternal |
|000056e0| 68 6f 73 74 73 2e 0a 0a | 09 41 20 64 69 66 66 65 |hosts...|.A diffe|
|000056f0| 72 65 6e 74 20 61 70 70 | 72 6f 61 63 68 20 69 73 |rent app|roach is|
|00005700| 20 74 6f 20 75 73 65 20 | 74 68 65 20 46 54 50 20 | to use |the FTP |
|00005710| 22 50 41 53 56 22 0a 6f | 70 74 69 6f 6e 20 74 6f |"PASV".o|ption to|
|00005720| 20 69 6e 64 69 63 61 74 | 65 20 74 68 61 74 20 74 | indicat|e that t|
|00005730| 68 65 20 72 65 6d 6f 74 | 65 20 46 54 50 20 73 65 |he remot|e FTP se|
|00005740| 72 76 65 72 20 73 68 6f | 75 6c 64 20 70 65 72 6d |rver sho|uld perm|
|00005750| 69 74 0a 74 68 65 20 63 | 6c 69 65 6e 74 20 74 6f |it.the c|lient to|
|00005760| 20 69 6e 69 74 69 61 74 | 65 20 63 6f 6e 6e 65 63 | initiat|e connec|
|00005770| 74 69 6f 6e 73 2e 20 54 | 68 65 20 20 50 41 53 56 |tions. T|he  PASV|
|00005780| 20 61 70 70 72 6f 61 63 | 68 0a 61 73 73 75 6d 65 | approac|h.assume|
|00005790| 73 20 74 68 61 74 20 74 | 68 65 20 46 54 50 20 73 |s that t|he FTP s|
|000057a0| 65 72 76 65 72 20 6f 6e | 20 74 68 65 20 72 65 6d |erver on| the rem|
|000057b0| 6f 74 65 20 73 79 73 74 | 65 6d 20 73 75 70 70 6f |ote syst|em suppo|
|000057c0| 72 74 73 0a 74 68 61 74 | 20 6f 70 65 72 61 74 69 |rts.that| operati|
|000057d0| 6f 6e 2e 20 28 53 65 65 | 20 52 46 43 31 35 37 39 |on. (See| RFC1579|
|000057e0| 20 66 6f 72 20 6d 6f 72 | 65 20 69 6e 66 6f 72 6d | for mor|e inform|
|000057f0| 61 74 69 6f 6e 29 0a 0a | 09 4f 74 68 65 72 20 73 |ation)..|.Other s|
|00005800| 69 74 65 73 20 70 72 65 | 66 65 72 20 74 6f 20 62 |ites pre|fer to b|
|00005810| 75 69 6c 64 20 63 6c 69 | 65 6e 74 20 76 65 72 73 |uild cli|ent vers|
|00005820| 69 6f 6e 73 20 6f 66 0a | 74 68 65 20 46 54 50 20 |ions of.|the FTP |
|00005830| 70 72 6f 67 72 61 6d 20 | 74 68 61 74 20 61 72 65 |program |that are|
|00005840| 20 6c 69 6e 6b 65 64 20 | 61 67 61 69 6e 73 74 20 | linked |against |
|00005850| 61 20 53 4f 43 4b 53 20 | 6c 69 62 72 61 72 79 2e |a SOCKS |library.|
|00005860| 0a 0a 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |..------|--------|
|00005870| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005880| 0a 0a 44 61 74 65 3a 20 | 4d 6f 6e 20 4d 61 72 20 |..Date: |Mon Mar |
|00005890| 37 20 31 33 3a 30 30 3a | 30 38 20 31 39 39 34 0a |7 13:00:|08 1994.|
|000058a0| 46 72 6f 6d 3a 20 46 77 | 61 6c 6c 73 2d 46 41 51 |From: Fw|alls-FAQ|
|000058b0| 40 74 69 73 2e 63 6f 6d | 0a 53 75 62 6a 65 63 74 |@tis.com|.Subject|
|000058c0| 3a 20 31 34 3a 20 48 6f | 77 20 64 6f 20 49 20 6d |: 14: Ho|w do I m|
|000058d0| 61 6b 65 20 54 65 6c 6e | 65 74 20 77 6f 72 6b 20 |ake Teln|et work |
|000058e0| 74 68 72 6f 75 67 68 20 | 6d 79 20 66 69 72 65 77 |through |my firew|
|000058f0| 61 6c 6c 3f 0a 0a 54 65 | 6c 6e 65 74 20 69 73 20 |all?..Te|lnet is |
|00005900| 67 65 6e 65 72 61 6c 6c | 79 20 73 75 70 70 6f 72 |generall|y suppor|
|00005910| 74 65 64 20 65 69 74 68 | 65 72 20 62 79 20 75 73 |ted eith|er by us|
|00005920| 69 6e 67 20 61 6e 20 61 | 70 70 6c 69 63 61 74 69 |ing an a|pplicati|
|00005930| 6f 6e 0a 70 72 6f 78 79 | 2c 20 6f 72 20 62 79 20 |on.proxy|, or by |
|00005940| 73 69 6d 70 6c 79 20 63 | 6f 6e 66 69 67 75 72 69 |simply c|onfiguri|
|00005950| 6e 67 20 61 20 72 6f 75 | 74 65 72 20 74 6f 20 70 |ng a rou|ter to p|
|00005960| 65 72 6d 69 74 20 6f 75 | 74 67 6f 69 6e 67 0a 63 |ermit ou|tgoing.c|
|00005970| 6f 6e 6e 65 63 74 69 6f | 6e 73 20 75 73 69 6e 67 |onnectio|ns using|
|00005980| 20 73 6f 6d 65 74 68 69 | 6e 67 20 6c 69 6b 65 20 | somethi|ng like |
|00005990| 74 68 65 20 22 65 73 74 | 61 62 6c 69 73 68 65 64 |the "est|ablished|
|000059a0| 22 20 73 63 72 65 65 6e | 69 6e 67 0a 72 75 6c 65 |" screen|ing.rule|
|000059b0| 73 2e 20 41 70 70 6c 69 | 63 61 74 69 6f 6e 20 70 |s. Appli|cation p|
|000059c0| 72 6f 78 69 65 73 20 63 | 6f 75 6c 64 20 62 65 20 |roxies c|ould be |
|000059d0| 69 6e 20 74 68 65 20 66 | 6f 72 6d 20 6f 66 20 61 |in the f|orm of a|
|000059e0| 20 73 74 61 6e 64 61 6c | 6f 6e 65 0a 70 72 6f 78 | standal|one.prox|
|000059f0| 79 20 72 75 6e 6e 69 6e | 67 20 6f 6e 20 74 68 65 |y runnin|g on the|
|00005a00| 20 62 61 73 74 69 6f 6e | 20 68 6f 73 74 2c 20 6f | bastion| host, o|
|00005a10| 72 20 69 6e 20 74 68 65 | 20 66 6f 72 6d 20 6f 66 |r in the| form of|
|00005a20| 20 61 20 53 4f 43 4b 53 | 0a 73 65 72 76 65 72 20 | a SOCKS|.server |
|00005a30| 61 6e 64 20 61 20 6d 6f | 64 69 66 69 65 64 20 63 |and a mo|dified c|
|00005a40| 6c 69 65 6e 74 2e 0a 0a | 2d 2d 2d 2d 2d 2d 2d 2d |lient...|--------|
|00005a50| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005a60| 2d 2d 2d 2d 2d 2d 0a 0a | 44 61 74 65 3a 20 54 68 |------..|Date: Th|
|00005a70| 75 20 4d 61 72 20 33 20 | 31 34 3a 31 36 3a 31 32 |u Mar 3 |14:16:12|
|00005a80| 20 31 39 39 34 0a 46 72 | 6f 6d 3a 20 46 77 61 6c | 1994.Fr|om: Fwal|
|00005a90| 6c 73 2d 46 41 51 40 74 | 69 73 2e 63 6f 6d 0a 53 |ls-FAQ@t|is.com.S|
|00005aa0| 75 62 6a 65 63 74 3a 20 | 31 35 3a 20 48 6f 77 20 |ubject: |15: How |
|00005ab0| 64 6f 20 49 20 6d 61 6b | 65 20 46 69 6e 67 65 72 |do I mak|e Finger|
|00005ac0| 20 61 6e 64 20 77 68 6f | 69 73 20 77 6f 72 6b 20 | and who|is work |
|00005ad0| 74 68 72 6f 75 67 68 20 | 6d 79 20 66 69 72 65 77 |through |my firew|
|00005ae0| 61 6c 6c 3f 0a 0a 50 65 | 72 6d 69 74 20 63 6f 6e |all?..Pe|rmit con|
|00005af0| 6e 65 63 74 69 6f 6e 73 | 20 74 6f 20 74 68 65 20 |nections| to the |
|00005b00| 66 69 6e 67 65 72 20 70 | 6f 72 74 20 66 72 6f 6d |finger p|ort from|
|00005b10| 20 6f 6e 6c 79 20 74 72 | 75 73 74 65 64 0a 6d 61 | only tr|usted.ma|
|00005b20| 63 68 69 6e 65 73 2c 20 | 77 68 69 63 68 20 63 61 |chines, |which ca|
|00005b30| 6e 20 69 73 73 75 65 20 | 66 69 6e 67 65 72 20 72 |n issue |finger r|
|00005b40| 65 71 75 65 73 74 73 20 | 69 6e 20 74 68 65 20 66 |equests |in the f|
|00005b50| 6f 72 6d 20 6f 66 3a 0a | 66 69 6e 67 65 72 20 75 |orm of:.|finger u|
|00005b60| 73 65 72 40 68 6f 73 74 | 2e 64 6f 6d 61 69 6e 40 |ser@host|.domain@|
|00005b70| 66 69 72 65 77 61 6c 6c | 0a 0a 54 68 69 73 20 61 |firewall|..This a|
|00005b80| 70 70 72 6f 61 63 68 20 | 6f 6e 6c 79 20 77 6f 72 |pproach |only wor|
|00005b90| 6b 73 20 77 69 74 68 20 | 74 68 65 20 73 74 61 6e |ks with |the stan|
|00005ba0| 64 61 72 64 20 55 4e 49 | 58 20 76 65 72 73 69 6f |dard UNI|X versio|
|00005bb0| 6e 20 6f 66 0a 66 69 6e | 67 65 72 2e 20 53 6f 6d |n of.fin|ger. Som|
|00005bc0| 65 20 66 69 6e 67 65 72 | 20 73 65 72 76 65 72 73 |e finger| servers|
|00005bd0| 20 64 6f 20 6e 6f 74 20 | 70 65 72 6d 69 74 20 75 | do not |permit u|
|00005be0| 73 65 72 40 68 6f 73 74 | 40 68 6f 73 74 0a 66 69 |ser@host|@host.fi|
|00005bf0| 6e 67 65 72 69 6e 67 2e | 0a 0a 4d 61 6e 79 20 73 |ngering.|..Many s|
|00005c00| 69 74 65 73 20 62 6c 6f | 63 6b 20 69 6e 62 6f 75 |ites blo|ck inbou|
|00005c10| 6e 64 20 66 69 6e 67 65 | 72 20 72 65 71 75 65 73 |nd finge|r reques|
|00005c20| 74 73 20 66 6f 72 20 61 | 20 76 61 72 69 65 74 79 |ts for a| variety|
|00005c30| 20 6f 66 0a 72 65 61 73 | 6f 6e 73 2c 20 66 6f 72 | of.reas|ons, for|
|00005c40| 65 6d 6f 73 74 20 62 65 | 69 6e 67 20 70 61 73 74 |emost be|ing past|
|00005c50| 20 73 65 63 75 72 69 74 | 79 20 62 75 67 73 20 69 | securit|y bugs i|
|00005c60| 6e 20 74 68 65 20 66 69 | 6e 67 65 72 0a 73 65 72 |n the fi|nger.ser|
|00005c70| 76 65 72 20 28 74 68 65 | 20 4d 6f 72 72 69 73 20 |ver (the| Morris |
|00005c80| 69 6e 74 65 72 6e 65 74 | 20 77 6f 72 6d 20 6d 61 |internet| worm ma|
|00005c90| 64 65 20 74 68 65 73 65 | 20 62 75 67 73 20 66 61 |de these| bugs fa|
|00005ca0| 6d 6f 75 73 29 0a 61 6e | 64 20 74 68 65 20 72 69 |mous).an|d the ri|
|00005cb0| 73 6b 20 6f 66 20 70 72 | 6f 70 72 69 65 74 61 72 |sk of pr|oprietar|
|00005cc0| 79 20 6f 72 20 73 65 6e | 73 69 74 69 76 65 20 69 |y or sen|sitive i|
|00005cd0| 6e 66 6f 72 6d 61 74 69 | 6f 6e 20 62 65 69 6e 67 |nformati|on being|
|00005ce0| 0a 72 65 76 65 61 6c 65 | 64 20 69 6e 20 75 73 65 |.reveale|d in use|
|00005cf0| 72 27 73 20 66 69 6e 67 | 65 72 20 69 6e 66 6f 72 |r's fing|er infor|
|00005d00| 6d 61 74 69 6f 6e 2e 0a | 0a 2d 2d 2d 2d 2d 2d 2d |mation..|.-------|
|00005d10| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00005d20| 2d 2d 2d 2d 2d 2d 2d 0a | 0a 44 61 74 65 3a 20 54 |-------.|.Date: T|
|00005d30| 68 75 20 4d 61 72 20 33 | 20 31 32 3a 34 30 3a 35 |hu Mar 3| 12:40:5|
|00005d40| 34 20 31 39 39 34 0a 46 | 72 6f 6d 3a 20 46 77 61 |4 1994.F|rom: Fwa|
|00005d50| 6c 6c 73 2d 46 41 51 40 | 74 69 73 2e 63 6f 6d 0a |lls-FAQ@|tis.com.|
|00005d60| 53 75 62 6a 65 63 74 3a | 20 31 36 3a 20 48 6f 77 |Subject:| 16: How|
|00005d70| 20 64 6f 20 49 20 6d 61 | 6b 65 20 67 6f 70 68 65 | do I ma|ke gophe|
|00005d80| 72 2c 20 61 72 63 68 69 | 65 2c 20 61 6e 64 20 6f |r, archi|e, and o|
|00005d90| 74 68 65 72 20 73 65 72 | 76 69 63 65 73 20 77 6f |ther ser|vices wo|
|00005da0| 72 6b 20 74 68 72 6f 75 | 67 68 20 6d 79 20 66 69 |rk throu|gh my fi|
|00005db0| 72 65 77 61 6c 6c 3f 0a | 0a 54 68 69 73 20 69 73 |rewall?.|.This is|
|00005dc0| 20 73 74 69 6c 6c 20 61 | 6e 20 61 72 65 61 20 6f | still a|n area o|
|00005dd0| 66 20 61 63 74 69 76 65 | 20 72 65 73 65 61 72 63 |f active| researc|
|00005de0| 68 20 69 6e 20 74 68 65 | 20 66 69 72 65 77 61 6c |h in the| firewal|
|00005df0| 6c 0a 63 6f 6d 6d 75 6e | 69 74 79 2e 20 4d 61 6e |l.commun|ity. Man|
|00005e00| 79 20 66 69 72 65 77 61 | 6c 6c 20 61 64 6d 69 6e |y firewa|ll admin|
|00005e10| 69 73 74 72 61 74 6f 72 | 73 20 73 75 70 70 6f 72 |istrator|s suppor|
|00005e20| 74 20 74 68 65 73 65 0a | 73 65 72 76 69 63 65 73 |t these.|services|
|00005e30| 20 6f 6e 6c 79 20 74 68 | 72 6f 75 67 68 20 74 68 | only th|rough th|
|00005e40| 65 20 63 68 61 72 61 63 | 74 65 72 2d 63 65 6c 6c |e charac|ter-cell|
|00005e50| 20 69 6e 74 65 72 66 61 | 63 65 20 70 72 6f 76 69 | interfa|ce provi|
|00005e60| 64 65 64 0a 62 79 20 74 | 65 6c 6e 65 74 2e 20 55 |ded.by t|elnet. U|
|00005e70| 6e 66 6f 72 74 75 6e 61 | 74 65 6c 79 2c 20 6d 61 |nfortuna|tely, ma|
|00005e80| 6e 79 20 6f 66 20 74 68 | 65 20 73 65 78 69 65 72 |ny of th|e sexier|
|00005e90| 20 6e 65 74 77 6f 72 6b | 0a 73 65 72 76 69 63 65 | network|.service|
|00005ea0| 73 20 6d 61 6b 65 20 63 | 6f 6e 6e 65 63 74 69 6f |s make c|onnectio|
|00005eb0| 6e 73 20 74 6f 20 6d 75 | 6c 74 69 70 6c 65 20 72 |ns to mu|ltiple r|
|00005ec0| 65 6d 6f 74 65 20 73 79 | 73 74 65 6d 73 2c 0a 77 |emote sy|stems,.w|
|00005ed0| 69 74 68 6f 75 74 20 74 | 72 61 6e 73 6d 69 74 74 |ithout t|ransmitt|
|00005ee0| 69 6e 67 20 61 6e 79 20 | 69 6e 6c 69 6e 65 20 69 |ing any |inline i|
|00005ef0| 6e 66 6f 72 6d 61 74 69 | 6f 6e 20 74 68 61 74 20 |nformati|on that |
|00005f00| 61 20 70 72 6f 78 79 0a | 63 6f 75 6c 64 20 74 61 |a proxy.|could ta|
|00005f10| 6b 65 20 61 64 76 61 6e | 74 61 67 65 20 6f 66 2c |ke advan|tage of,|
|00005f20| 20 61 6e 64 20 6f 66 74 | 65 6e 20 74 68 65 20 6e | and oft|en the n|
|00005f30| 65 77 65 72 20 69 6e 66 | 6f 72 6d 61 74 69 6f 6e |ewer inf|ormation|
|00005f40| 0a 72 65 74 72 69 65 76 | 61 6c 20 73 79 73 74 65 |.retriev|al syste|
|00005f50| 6d 73 20 74 72 61 6e 73 | 6d 69 74 20 64 61 74 61 |ms trans|mit data|
|00005f60| 20 74 6f 20 6c 6f 63 61 | 6c 20 68 6f 73 74 73 20 | to loca|l hosts |
|00005f70| 61 6e 64 20 64 69 73 6b | 73 0a 77 69 74 68 20 6f |and disk|s.with o|
|00005f80| 6e 6c 79 20 6d 69 6e 69 | 6d 61 6c 20 73 65 63 75 |nly mini|mal secu|
|00005f90| 72 69 74 79 2e 20 54 68 | 65 72 65 20 61 72 65 20 |rity. Th|ere are |
|00005fa0| 72 69 73 6b 73 20 74 68 | 61 74 20 28 66 6f 72 0a |risks th|at (for.|
|00005fb0| 65 78 61 6d 70 6c 65 29 | 20 57 41 49 53 20 63 6c |example)| WAIS cl|
|00005fc0| 69 65 6e 74 73 20 6d 61 | 79 20 72 65 71 75 65 73 |ients ma|y reques|
|00005fd0| 74 20 75 75 65 6e 63 6f | 64 65 64 20 66 69 6c 65 |t uuenco|ded file|
|00005fe0| 73 2c 20 77 68 69 63 68 | 0a 64 65 63 6f 64 65 20 |s, which|.decode |
|00005ff0| 61 6e 64 20 6d 6f 64 69 | 66 79 20 73 65 63 75 72 |and modi|fy secur|
|00006000| 69 74 79 20 72 65 6c 61 | 74 65 64 20 66 69 6c 65 |ity rela|ted file|
|00006010| 73 20 69 6e 20 74 68 65 | 20 75 73 65 72 27 73 20 |s in the| user's |
|00006020| 68 6f 6d 65 0a 64 69 72 | 65 63 74 6f 72 79 2e 20 |home.dir|ectory. |
|00006030| 41 74 20 70 72 65 73 65 | 6e 74 2c 20 74 68 65 72 |At prese|nt, ther|
|00006040| 65 20 69 73 20 61 20 6c | 6f 74 20 6f 66 20 68 65 |e is a l|ot of he|
|00006050| 61 64 2d 73 63 72 61 74 | 63 68 69 6e 67 0a 67 6f |ad-scrat|ching.go|
|00006060| 69 6e 67 20 6f 6e 20 62 | 65 74 77 65 65 6e 20 74 |ing on b|etween t|
|00006070| 68 65 20 66 69 72 65 77 | 61 6c 6c 20 61 64 6d 69 |he firew|all admi|
|00006080| 6e 69 73 74 72 61 74 6f | 72 73 20 77 68 6f 20 61 |nistrato|rs who a|
|00006090| 72 65 0a 72 65 73 70 6f | 6e 73 69 62 6c 65 20 66 |re.respo|nsible f|
|000060a0| 6f 72 20 67 75 61 72 64 | 69 6e 67 20 74 68 65 20 |or guard|ing the |
|000060b0| 6e 65 74 77 6f 72 6b 20 | 70 65 72 69 6d 65 74 65 |network |perimete|
|000060c0| 72 73 2c 20 61 6e 64 20 | 74 68 65 0a 75 73 65 72 |rs, and |the.user|
|000060d0| 73 2c 20 77 68 6f 20 77 | 61 6e 74 20 74 6f 20 74 |s, who w|ant to t|
|000060e0| 61 6b 65 20 61 64 76 61 | 6e 74 61 67 65 20 6f 66 |ake adva|ntage of|
|000060f0| 20 74 68 65 73 65 20 76 | 65 72 79 20 73 65 78 79 | these v|ery sexy|
|00006100| 20 61 6e 64 0a 61 64 6d | 69 74 74 65 64 6c 79 20 | and.adm|ittedly |
|00006110| 75 73 65 66 75 6c 20 74 | 6f 6f 6c 73 2e 0a 0a 2d |useful t|ools...-|
|00006120| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|00006130| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 0a 0a 44 |--------|-----..D|
|00006140| 61 74 65 3a 20 4d 6f 6e | 20 4a 75 6e 20 36 20 31 |ate: Mon| Jun 6 1|
|00006150| 30 3a 31 32 3a 30 33 20 | 31 39 39 34 0a 46 72 6f |0:12:03 |1994.Fro|
|00006160| 6d 3a 20 46 77 61 6c 6c | 73 2d 46 41 51 40 74 69 |m: Fwall|s-FAQ@ti|
|00006170| 73 2e 63 6f 6d 0a 53 75 | 62 6a 65 63 74 3a 20 31 |s.com.Su|bject: 1|
|00006180| 37 3a 20 57 68 61 74 20 | 61 72 65 20 74 68 65 20 |7: What |are the |
|00006190| 69 73 73 75 65 73 20 61 | 62 6f 75 74 20 58 2d 57 |issues a|bout X-W|
|000061a0| 69 6e 64 6f 77 20 74 68 | 72 6f 75 67 68 20 61 20 |indow th|rough a |
|000061b0| 66 69 72 65 77 61 6c 6c | 3f 0a 0a 09 58 20 57 69 |firewall|?...X Wi|
|000061c0| 6e 64 6f 77 73 20 69 73 | 20 61 20 76 65 72 79 20 |ndows is| a very |
|000061d0| 75 73 65 66 75 6c 20 73 | 79 73 74 65 6d 2c 20 62 |useful s|ystem, b|
|000061e0| 75 74 20 75 6e 66 6f 72 | 74 75 6e 61 74 65 6c 79 |ut unfor|tunately|
|000061f0| 20 68 61 73 0a 73 6f 6d | 65 20 6d 61 6a 6f 72 20 | has.som|e major |
|00006200| 73 65 63 75 72 69 74 79 | 20 66 6c 61 77 73 2e 20 |security| flaws. |
|00006210| 52 65 6d 6f 74 65 20 73 | 79 73 74 65 6d 73 20 74 |Remote s|ystems t|
|00006220| 68 61 74 20 63 61 6e 20 | 67 61 69 6e 20 6f 72 20 |hat can |gain or |
|00006230| 73 70 6f 6f 66 0a 61 63 | 63 65 73 73 20 74 6f 20 |spoof.ac|cess to |
|00006240| 61 20 77 6f 72 6b 73 74 | 61 74 69 6f 6e 27 73 20 |a workst|ation's |
|00006250| 58 20 64 69 73 70 6c 61 | 79 20 63 61 6e 20 6d 6f |X displa|y can mo|
|00006260| 6e 69 74 6f 72 20 6b 65 | 79 73 74 72 6f 6b 65 73 |nitor ke|ystrokes|
|00006270| 20 74 68 61 74 0a 61 20 | 75 73 65 72 20 65 6e 74 | that.a |user ent|
|00006280| 65 72 73 2c 20 64 6f 77 | 6e 6c 6f 61 64 20 63 6f |ers, dow|nload co|
|00006290| 70 69 65 73 20 6f 66 20 | 74 68 65 20 63 6f 6e 74 |pies of |the cont|
|000062a0| 65 6e 74 73 20 6f 66 20 | 74 68 65 69 72 20 77 69 |ents of |their wi|
|000062b0| 6e 64 6f 77 73 2c 0a 65 | 74 63 2e 0a 0a 09 57 68 |ndows,.e|tc....Wh|
|000062c0| 69 6c 65 20 61 74 74 65 | 6d 70 74 73 20 68 61 76 |ile atte|mpts hav|
|000062d0| 65 20 62 65 65 6e 20 6d | 61 64 65 20 74 6f 20 6f |e been m|ade to o|
|000062e0| 76 65 72 63 6f 6d 65 20 | 74 68 65 6d 20 28 45 2e |vercome |them (E.|
|000062f0| 67 2e 2c 0a 4d 49 54 20 | 22 4d 61 67 69 63 20 43 |g.,.MIT |"Magic C|
|00006300| 6f 6f 6b 69 65 22 29 20 | 69 74 20 69 73 20 73 74 |ookie") |it is st|
|00006310| 69 6c 6c 20 65 6e 74 69 | 72 65 6c 79 20 74 6f 6f |ill enti|rely too|
|00006320| 20 65 61 73 79 20 66 6f | 72 20 61 6e 20 61 74 74 | easy fo|r an att|
|00006330| 61 63 6b 65 72 0a 74 6f | 20 69 6e 74 65 72 66 65 |acker.to| interfe|
|00006340| 72 65 20 77 69 74 68 20 | 61 20 75 73 65 72 27 73 |re with |a user's|
|00006350| 20 58 20 64 69 73 70 6c | 61 79 2e 20 20 4d 6f 73 | X displ|ay.  Mos|
|00006360| 74 20 66 69 72 65 77 61 | 6c 6c 73 20 62 6c 6f 63 |t firewa|lls bloc|
|00006370| 6b 20 61 6c 6c 20 58 0a | 74 72 61 66 66 69 63 2e |k all X.|traffic.|
|00006380| 20 53 6f 6d 65 20 70 65 | 72 6d 69 74 20 58 20 74 | Some pe|rmit X t|
|00006390| 72 61 66 66 69 63 20 74 | 68 72 6f 75 67 68 20 61 |raffic t|hrough a|
|000063a0| 70 70 6c 69 63 61 74 69 | 6f 6e 20 70 72 6f 78 69 |pplicati|on proxi|
|000063b0| 65 73 20 73 75 63 68 20 | 61 73 0a 74 68 65 20 44 |es such |as.the D|
|000063c0| 45 43 20 43 52 4c 20 58 | 20 70 72 6f 78 79 20 28 |EC CRL X| proxy (|
|000063d0| 46 54 50 20 63 72 6c 2e | 64 65 63 2e 63 6f 6d 29 |FTP crl.|dec.com)|
|000063e0| 2e 0a 0a 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |...-----|--------|
|000063f0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
+--------+-------------------------+-------------------------+--------+--------+
Only 25.0 KB of data is shown above.