From: “Perry E. Metzger” <perry@imsi.com>
To: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Message Hash: 864f7855f06451fde8797aca49ab4c72b06855b0894ff313040fc4356822a4f0
Message ID: <9502060048.AA03181@snark.imsi.com>
Reply To: <sjBKpHm00bkP0bX0Yx@andrew.cmu.edu>
UTC Datetime: 1995-02-06 00:48:44 UTC
Raw Date: Sun, 5 Feb 95 16:48:44 PST
From: "Perry E. Metzger" <perry@imsi.com>
Date: Sun, 5 Feb 95 16:48:44 PST
To: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Subject: Re: The SKRONK protocols (version 0.6)
In-Reply-To: <sjBKpHm00bkP0bX0Yx@andrew.cmu.edu>
Message-ID: <9502060048.AA03181@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
Matthew J Ghio says:
> "Perry E. Metzger" <perry@imsi.com> writes:
>
> > Pardon but... why? Whats the reason for wanting to do this?
> >
> > If a firewall has been set up to stop UDP, then it should stop UDP. If
> > the firewall has not been set up to stop UDP, or has a mechanism like
> > the experimental versions of "socks" currently being played with that
> > relay UDP, then there is no reason to want to do the above. I don't
> > really understand what the idea is here.
>
> Presumably you would only let trusted people tunnel through your firewall.
Fine -- then packet filter on your firewall. Of course, you can't
really trust the IP addresses anyway -- you need something IPSP-like
if you actually want to trust outside hosts (swIPe does nicely as a
stopgap). And even if one wanted to move packets through a firewall
over TCP, why use SLIP encapsulation? It was designed for unreliable
links -- on a reliable link, you can save lots of grief by just
sending the packet -- total length of an IP datagram is included
inside the datagram, thus rendering further encapsulation unnecessary.
Perry
Return to February 1995
Return to “strick at The Yak <strick@yak.net>”