[6bone] Re: Internal Address Space

Michel Py michel@arneill-py.sacramento.ca.us
Tue, 21 May 2002 09:09:34 -0700


> Stephen Degler wrote:
> Private addresses and a proxy won't help you against these methods
> either, as long as http connect methods are permitted by the proxies.

Correct, but they do make the hacker's task a little more difficult as
the malicious code has to figure out the proxy settings and encapsulate
its own stuff into http requests.

Security is not a single thing, and the more obstacles you put in the
hacker's way the more secure you are. A good setup is a combination of
multiple methods including but not limited to stateful firewalls. I have
seen generic mechanisms to bypass stateful firewalls, I have not seen
any to go trough proxies yet.

Michel.