From owner-freebsd-security Fri Nov 24 08:54:31 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id IAA04241 for security-outgoing; Fri, 24 Nov 1995 08:54:31 -0800
Received: from sivka.carrier.kiev.ua (root@sivka.carrier.kiev.ua [193.125.68.130]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id IAA04195 for ; Fri, 24 Nov 1995 08:54:13 -0800
Received: from elvisti.kiev.ua (uucp@localhost) by sivka.carrier.kiev.ua (Sendmail 8.who.cares/5) with UUCP id SAA02576 for security@freebsd.org; Fri, 24 Nov 1995 18:56:57 +0200
Received: from office.elvisti.kiev.ua (office.elvisti.kiev.ua [193.125.28.33]) by spider2.elvisti.kiev.ua (8.6.12/8.ElVisti) with ESMTP id SAA26296 for ; Fri, 24 Nov 1995 18:04:57 +0200
Received: (from stesin@localhost) by office.elvisti.kiev.ua (8.6.12/8.ElVisti) id SAA13149; Fri, 24 Nov 1995 18:04:55 +0200
From: "Andrew V. Stesin"
Message-Id: <199511241604.SAA13149@office.elvisti.kiev.ua>
Subject: Re: I wonder how much trouble something like this would be to do? :)
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Fri, 24 Nov 1995 18:04:55 +0200 (EET)
Cc: security@freebsd.org
In-Reply-To: <1867.817224017@time.cdrom.com> from "Jordan K. Hubbard" at Nov 24, 95 06:40:17 am
X-Mailer: ELM [version 2.4 PL24alpha5]
Content-Type: text
Content-Length: 1119
Sender: owner-security@freebsd.org
Precedence: bulk

#
# Someone sent me this. It sounds like "one of those really simple
# engineering ideas that marketing got ahold of and hyped the heck
# outta" but still - I can think of more than a few MIS managers who'd
# just eat this up.
#
# Jordan
# ----
# UG565-07 DEC's SECURE INTERNET ROUTE
#
# Tunneling - transporting data from one point to another
# encapsulated in wrapper packets - is a networking technique
# that's been around for some years. Claiming to have its neck [...]

So, we have two firewalled networks; each has a "tunneling proxy", which accepts connections from inside, and another -- from the outside (or may this be a single proxy program?) and -- voila, we're Ok, we have a secure channel over an insecure network?

And we can have a single RFC#1597 network (or better to say a piece of address space), closed to the world, split into a few parts but transparently connected via tunneled secure channels?

Simple and cool.

--
With best regards -- Andrew Stesin.

+380 (44) 2760188
+380 (44) 2713457
+380 (44) 2713560

An undocumented feature is a coding error.