RealPlayer and RH6.1 revisited

Derek Atkins warlord at MIT.EDU
Wed Feb 16 14:01:17 EST 2000


If you allow any real-time protocol through your firewall, someone can
tunnel through it.  It's a fact of life.  If you allow telnet, ssh,
http, even nntp or smtp, it can be used to tunnel another protocol.
If you want to disable tunneling, unplug yourself from the 'net.  If
that isn't an option, then you're going to have to use social means to
prevent people from doing it.

-derek

Ron Peterson <rpeterson at yellowbank.com> writes:

> 
> Derek Martin wrote:
> 
> > What I had to do was go into preferences and set my transport to "always
> > use HTTP" and then it worked fine.
> 
> Speaking of realaudio on port 80, does anyone know of any stateful
> inspection tools that run on Linux that would be able to block this?  I
> have half a T1 for my office for about 60 people.  I've got packet
> filtering in place, but nothing to block tunneled traffic like this. 
> Any ideas?
> 
> BTW - I'm not conspiring against Derek. ;-)  I have nothing against
> realaudio - I use it myself.  Just not at the office.
> 
> Ron Peterson
> rpeterson at yellowbank.com (home)
> rpeterson at wallacefloyd.com (work)
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
       warlord at MIT.EDU                        PGP key available