[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The SKRONK protocols (version 0.6)

To: Matthew J Ghio <[email protected]>
Subject: Re: The SKRONK protocols (version 0.6)
From: "Perry E. Metzger" <[email protected]>
Date: Sun, 05 Feb 1995 19:48:35 -0500
Cc: [email protected]
In-Reply-To: Your message of "Sun, 05 Feb 1995 19:29:07 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

Matthew J Ghio says:
> "Perry E. Metzger" <[email protected]> writes:
> 
> > Pardon but... why? Whats the reason for wanting to do this?
> > 
> > If a firewall has been set up to stop UDP, then it should stop UDP. If
> > the firewall has not been set up to stop UDP, or has a mechanism like
> > the experimental versions of "socks" currently being played with that
> > relay UDP, then there is no reason to want to do the above. I don't
> > really understand what the idea is here.
> 
> Presumably you would only let trusted people tunnel through your firewall.

Fine -- then packet filter on your firewall. Of course, you can't
really trust the IP addresses anyway -- you need something IPSP-like
if you actually want to trust outside hosts (swIPe does nicely as a
stopgap). And even if one wanted to move packets through a firewall
over TCP, why use SLIP encapsulation? It was designed for unreliable
links -- on a reliable link, you can save lots of grief by just
sending the packet -- total length of an IP datagram is included
inside the datagram, thus rendering further encapsulation unnecessary.

Perry

References:
- Re: The SKRONK protocols (version 0.6)
  - From: Matthew J Ghio <[email protected]>

Prev by Date: Re: The SKRONK protocols (version 0.6)
Next by Date: "encrypt tcp connections" hacks
Prev by thread: Re: The SKRONK protocols (version 0.6)
Next by thread: Re: The SKRONK protocols (version 0.6)
Index(es):
- Date
- Thread