> > What you describe just proves how clueless many corporations are. > First they overload any concievable service on port 80 (what happend > to the other 16K tcp/udp ports?) than they find that they need > to make content filtering so only "good" http goes in. >
The main idea behind a firewall is not to prevent rogue outgoing communication (this is usually pointless; you can do full IP tunneling over ICMP packets if you wish) but to prevent incoming traffic to various services. For example, you may have an Intranet web server that should only be accessible from inside the network, but nobody from the outside should access it. The fact that administrators (ab)use it to block various services from internal users (and then those users find "clever" ways to bypass these restrictions) is another topic altogether - but the ones that are overloading services on port 80 are not the corporates, but rather than client-side utilities which want to bypass f/w restrictions. Thanks, Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com Know that you're safe: http://www.AutomatedScanning.com ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
