[AusNOG] Firewall authentication from Telstra 3G connections
Eric Pinkerton
Eric.Pinkerton at stratsec.net
Mon Jun 18 10:09:36 EST 2012
More to the point, depending on your APN etc., many if not the majority of Telstra 3G connections get NATed, so by using firewall auth externally to permit traffic based upon IP, you could potentially expose your services to other Telstra 3G users. This goes for any users using this service from a connection that is NATed, which might be an extensive list.
We are for the most part talking a very conceptual, planets aligning sort of scenario here, but I would strongly suggest making use of a proper VPN, and only using firewall auth internally.
Regards
Eric Pinkerton
Principal Consultant
STRATSEC.NET PTY LTD
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Sutherland
Sent: Friday, 15 June 2012 12:52 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Firewall authentication from Telstra 3G connections
Hi Ausnog,
In the past couple of weeks we have started seeing issues with customers connecting to firewall-authentication-protected servers via Telstra 3G. From any other connection you browse to the gateway, enter username and password, and the firewall temporarily opens the required ports just for the IP you connected from. Recently though, from Telstra 3G connections, it seems that HTTP traffic to the authentication page is sourced from a different IP to FTP, SSH etc. traffic so the cached authenticated IP doesn't match the traffic's source IP and is dropped. This has been confirmed with several different firewalls and customers. Has anyone else seen this or could shed some light on it?
Kind regards,
James
Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
http://www.mailguard.com.au/mg
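
The two behaviours discussed in this thread, as an added example that is not part of either post: a minimal model of a firewall that whitelists the source IP after a portal login, with clients sitting behind carrier NAT. The addresses, credentials, TTL and both NAT functions are constructed assumptions for illustration, not a description of Telstra's network or of any particular firewall product.

```python
# Model of IP-based firewall authentication behind carrier NAT (constructed example).
CREDENTIALS = {"customer": "s3cret"}          # constructed test account
POOL = ["203.0.113.10", "203.0.113.11"]       # constructed public NAT pool (TEST-NET-3)


class AuthGateway:
    """After a successful portal login, the source IP is allowed until the TTL expires."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self.allowed = {}                     # source IP -> expiry time (seconds)

    def login(self, src_ip, user, password, now):
        if CREDENTIALS.get(user) != password:
            return False
        self.allowed[src_ip] = now + self.ttl
        return True

    def permits(self, src_ip, now):
        # The only thing checked is the packet's source IP, never the user.
        return self.allowed.get(src_ip, 0) > now


def nat_shared(subscriber_id, dst_port):
    """Assumed NAT model: every subscriber leaves from the same public IP."""
    return POOL[0]


def nat_split(subscriber_id, dst_port):
    """Assumed NAT model: HTTP leaves from a different public IP than other protocols."""
    return POOL[1] if dst_port == 80 else POOL[0]


def scenario(nat):
    """Subscriber 1 logs in over HTTP; then subscribers 1 and 2 both try SSH."""
    gw = AuthGateway()
    gw.login(nat(1, 80), "customer", "s3cret", now=0)
    return {
        "customer_ssh": gw.permits(nat(1, 22), now=10),
        "stranger_ssh": gw.permits(nat(2, 22), now=10),   # never authenticated
    }


if __name__ == "__main__":
    print("shared NAT IP:", scenario(nat_shared))   # stranger is let in
    print("split egress: ", scenario(nat_split))    # customer is dropped
```

With a shared public IP the unauthenticated subscriber inherits the customer's access; with split egress the customer's own SSH traffic no longer matches the cached IP. A VPN avoids both because access is bound to the tunnel's credentials rather than to a source address.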