[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH thru HTTP? Sounds backwards.



Yes it is possible and they can bypass any proxies in the middle.  Someone 
I know actually set that up so that their friend could bypass the 
restrictions of their ISP.  A person can setup an Apache server as a proxy 
on a remote site and have it accept connections from the local interface: 
127.0.0.1.  Then someone who has an account on that server can ssh in like 
this:

ssh -C -L 1080:127.0.0.1:80 <remote server>

Then they can set their browser's proxy settings to: 127.0.0.1 port 1080

then anywhere they surf on the Internet will be over that SSH connection 
and through the remote server running the Apache proxy.

They could also use a program like cgiproxy to bypass the proxy at their 
organization if they use SSL or use the same situation above.

The way to catch it is to watch for continuous or frequent SSH streams to 
a remote server outside the user's organization.

On Mon, 13 Oct 2003, Bernard Hoffman wrote:

> Hello all.
> 
> A colleague asked me a question that I was unable to answer, so I thought
> one of you might be able to help.
> 
> He asked me "is it possible for someone inside my organization to twart
> security by ssh tunneling thru my HTTP proxy server to a destination SSH
> server listening on port 80".  I don't know what http proxy he's running and
> we didn't talk about SSL or 443 proxy - I'm assuming the same rules would
> apply.
> 
> My initial reaction was "no, it's not a hole", but then I thought about some
> "less intelligent" proxies that don't inspect packet content... and that was
> the end of my expertise.
> 
> Is it possible?  or better question, is it likely?
> -=Berns
> 
> 
> ------
> Bernard Hoffman
> Captive Capital Corp.  (f.k.a. eMarket Capital, Inc.)
> http://www.captivecorp.com
> 
> 
> 
> 

-- 
duane

while [ !sleep ]

  sheep++ ;

// Articles and stuff
http://www.sukkha.info

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.


[Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Video for Linux]     [Bugtraq]     [USB]     [Fedora Security]

Add to Google Powered by Linux