
Re: OpenBSD 3.4: authpf problem



On Sat, Nov 01, 2003 at 03:52:27PM -0800, Anthony Schlemmer wrote:
> access to all systems outside my network, and local access is limited 
> to name service and SSH on the gateway with all access denied to the 
> internal network on sis0 without being logged into the gateway.

Note that if the 'name service' that you offer to unauthenticated users is
really a resolver that looks up domain names served by external DNS servers,
this is a potential hole for misuse. See <http://nstx.dereference.de> for a DNS
tunnel implementation that can be used for tunneling through DNS. If anyone is
interested in using it in OpenBSD, it needs some trivial patches.

/magnus

-- 
http://x42.com
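
One way to spot the misuse described in the message above from a resolver's query log, as an added example that is not part of the original post or of any project it mentions. The `(client, qname)` log shape, the thresholds and the "last two labels" parent-domain rule are assumptions for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Thresholds are assumptions; tune them against your own resolver logs.
MIN_UNIQUE = 5      # distinct names under one parent domain from one client
MIN_AVG_LEN = 30    # average length of the part left of the parent domain
MIN_ENTROPY = 3.5   # average bits per character of that part

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname):
    """Split a query name into (payload, parent); parent is naively the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_parents(queries):
    """queries: iterable of (client_ip, qname). Returns sorted (client, parent) pairs."""
    seen = defaultdict(set)
    for client, qname in queries:
        payload, parent = split_name(qname)
        if payload:
            seen[(client, parent)].add(payload)
    flagged = []
    for key, payloads in seen.items():
        if len(payloads) < MIN_UNIQUE:
            continue  # a tunnel needs a steady stream of never-repeated names
        avg_len = sum(len(p) for p in payloads) / len(payloads)
        avg_ent = sum(entropy(p.replace(".", "")) for p in payloads) / len(payloads)
        if avg_len >= MIN_AVG_LEN and avg_ent >= MIN_ENTROPY:
            flagged.append(key)
    return sorted(flagged)

def constructed_sample():
    """Constructed log: 10.0.0.7 sends encoded-looking names, 10.0.0.8 ordinary ones."""
    rows = [("10.0.0.8", f"host{i}.example.org") for i in range(8)]
    for i in range(8):
        blob = base64.b32encode(hashlib.sha256(bytes([i])).digest()).decode().lower()
        rows.append(("10.0.0.7", f"{blob[:48]}.t.example.net"))
    return rows

if __name__ == "__main__":
    print(suspicious_parents(constructed_sample()))
```

Many unique, long, high-entropy names under a single parent domain from a client that has not yet authenticated is the pattern to alert on; ordinary lookups fail the length and entropy checks even when there are many of them.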