Checking if the network has changed

Alex Tweedly alex at tweedly.net
Thu Apr 20 20:05:58 EDT 2006


Dave Cragg wrote:

>>
>> One possible approach : provide a service on the proxy which can be  
>> firewalled such that it is not reachable from "the Internet" (this  
>> is very likely very easy - most corporations firewall as much as  
>> they can, so simply an echo server on a suitable (perhaps UDP) port  
>> would do).  The client starts by trying to reach that service - and  
>> if it gets a response, then it must be on the corporate net; if  not, 
>> it is elsewhere and shouldn't try to use the proxy.
>
>
> Would a dns lookup on the proxy server (assuming it uses a name and  
> not a number) achieve the same? The main reason for hosting this  
> externally was to avoid reliance on internal IT as much as possible.

Hard to say .... depends on whether they run different DNS servers for 
internal vs external use.
Most larger corporations will - just to keep the externally visible 
namespace smaller and to gain a little bit of security by obscurity, and 
is trivial to check *currently*.
(just find some internal-only machine, let's say it is named "somename" 
and then do a "ping somename.company.com"   once from home and once from 
on-net and see what you get).

But that tells you what happens "right now" - doesn't reassure you that 
this is an IT policy that you can depend on, which is what you really 
want to know.  (OTOH, no IT department in history *ever* changes their 
policies in the direction of a more liberal one, so if they don't 
advertise all host names today, it's a reasonable bet they won't in 
future :-)


-- 
Alex Tweedly       http://www.tweedly.net



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.4/318 - Release Date: 18/04/2006




More information about the use-livecode mailing list