[ previous ] [ next ] [ threads ]
 
 From:  sai <sonicsai at gmail dot com>
 To:  "Sancho2k.net Lists" <lists at sancho2k dot net>
 Cc:  Adam Emery <subscribe at aehome dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature request
 Date:  Mon, 4 Apr 2005 11:48:51 +0500
Personally I think that its  more secure to drop any packets  except
those that are wanted. This idea may make the usage more convenient
but its not really a good idea.

sai

On Apr 4, 2005 8:05 AM, Sancho2k.net Lists <lists at sancho2k dot net> wrote:
> Adam Emery wrote:
> > i was using the telnet/ssh thing as an example.  I don't understand why you
> > would want to do that.  Its sort of like webmin with ssl giving you a This
> > web server is running in SSL mode. Try the URL https://192.168.1.150:65530/
> > instead when you go to http instead of https.  I personally feel it is
> > better to lock everything down.  Again, that is just a personal thing.
> 
> We're arguing the same side of this without seeing it.
> 
> The idea *is* to lock it down. By redirecting explicitly connections on
> port 80 to port 443, you make it so there is no chance that the
> administrator will use the unencrypted channel. Call it another layer of
> security.
> 
> DS
> 
> 
> >
> > -----Original Message-----
> > From: Sancho2k.net Lists [mailto:lists at sancho2k dot net]
> > Sent: Sunday, April 03, 2005 8:53 PM
> > To: Adam Emery
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Feature request
> >
> > Adam Emery wrote:
> >
> >>Don't take this the wrong way but why would you want to do this?  To me
> >
> > this
> >
> >>would be like changing a telnet or ssh port for security but having the
> >
> > box
> >
> >>accept it anyway.
> >
> >
> > I think you're misunderstanding (or else I am.) It seems they want to
> > redirect connections to the web interface that would go to port 80
> > (cleartext) to port 443 (https). A 403 style redirect. Not just have it
> > listen on a different port.
> >
> > It is a sound idea, that way you can enforce admin access over SSL.
> >
> > DS
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>