[wplug] SSH bouncing.
Christopher DeMarco
cdemarco at fastmail.fm
Thu Aug 26 21:33:08 EDT 2004
On Thu, Aug 26, 2004 at 09:43:45AM -0400, Wise, Jeremey wrote:
> Just thought I would post this. It is really simple once you find
> out how to do it but has a lot of value for those occasions one
> needs such a feature as allowing someone shell access remotly. This
> process does NOT address the fact that you are likly violating
> security boundaries of corportate networks
Ah, so we've started the Stupid Pet Tricks thread >:)
You've illustrated nicely why the more draconian corporate firewalls
block outgoing SSH. They also block outgoing everything else, too,
forcing the poor plebs to use a web proxy to view an approved list of
work-related resources.
That is why we use...
...PROXYTUNNEL!
http://proxytunnel.sourceforge.net/
A proxy server can't open up an SSL-encrypted HTTP session to find out
where you're trying to connect. Hence most proxy servers support the
CONNECT method wherein they ferry your (presumably SSL-encrypted)
session to and fro between whoever you specify.
<evil grin>
So proxytunnel listens on your local box on port <whatever>, and
forwards connections to that port, wrapped in a nice HTTP CONNECT
request to yon proxy server. Squid says "Hm? CONNECT to
foo.bar.com:443? Why, sure thing!"
I did this quite happily behind the Evil Megacorp firewall for four
months (until I quit due to Insufferably Evil Soul-Crushing
Megacorporatism) to tunnel IMAPS and IRC. Stupid pet trick, indeed!
--
% You are in a maze of twisty passages, all alike.
Christopher DeMarco <cdemarco at fastmail.fm>
PGP public key ID 0x2E76CF5C @ pgp.mit.edu
+6013 389 5658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://penguin.wplug.org/pipermail/wplug/attachments/20040827/3fdd1e05/attachment-0001.bin
More information about the wplug
mailing list