Re: SSH thru HTTP? Sounds backwards.



I agree with Jared as well.  Policy is the best option.  What I described 
below is only two ways to do it.

On Mon, 13 Oct 2003 duane@xxxxxxxxxxx wrote:

> Yes it is possible and they can bypass any proxies in the middle.  Someone 
> I know actually set that up so that their friend could bypass the 
> restrictions of their ISP.  A person can set up an Apache server as a proxy 
> on a remote site and have it accept connections from the local interface: 
> 127.0.0.1.  Then someone who has an account on that server can ssh in like 
> this:
> 
> ssh -C -L 1080:127.0.0.1:80 <remote server>
> 
> Then they can set their browser's proxy settings to: 127.0.0.1 port 1080
> 
> then anywhere they surf on the Internet will be over that SSH connection 
> and through the remote server running the Apache proxy.
> 
> They could also use a program like cgiproxy to bypass the proxy at their 
> organization if they use SSL or use the same situation above.
> 
> The way to catch it is to watch for continuous or frequent SSH streams to 
> a remote server outside the user's organization.
> 
> On Mon, 13 Oct 2003, Bernard Hoffman wrote:
> 
> > Hello all.
> > 
> > A colleague asked me a question that I was unable to answer, so I thought
> > one of you might be able to help.
> > 
> > He asked me "is it possible for someone inside my organization to thwart
> > security by ssh tunneling thru my HTTP proxy server to a destination SSH
> > server listening on port 80".  I don't know what http proxy he's running and
> > we didn't talk about SSL or 443 proxy - I'm assuming the same rules would
> > apply.
> > 
> > My initial reaction was "no, it's not a hole", but then I thought about some
> > "less intelligent" proxies that don't inspect packet content... and that was
> > the end of my expertise.
> > 
> > Is it possible?  or better question, is it likely?
> > -=Berns
> > 
> > 
> > ------
> > Bernard Hoffman
> > Captive Capital Corp.  (f.k.a. eMarket Capital, Inc.)
> > http://www.captivecorp.com
> > 
> > 
> > 
> > 
> 
> 

-- 
duane

while [ !sleep ]

  sheep++ ;

// Articles and stuff
http://www.sukkha.info
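
The detection idea quoted above (watch for continuous or frequent SSH streams to a server outside the organization), sketched as an added example that is not part of the original post. The flow-record format, the internal address ranges and both thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed internal ranges and thresholds (hypothetical; tune for your site).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SSH_PORT = 22
LONG_SESSION_SECS = 4 * 3600  # one stream this long counts as "continuous"
FREQUENT_SESSIONS = 5         # this many streams per day counts as "frequent"

# Constructed sample flow records: date src dst dport duration_seconds
SAMPLE_FLOWS = """\
2003-10-13 10.1.4.22 198.51.100.7 22 28800
2003-10-13 10.1.4.22 10.1.9.5 22 30000
2003-10-13 10.1.8.3 192.0.2.10 443 20000
2003-10-13 10.1.8.3 192.0.2.10 22 300
2003-10-13 10.1.7.40 203.0.113.9 22 120
2003-10-13 10.1.7.40 203.0.113.9 22 95
2003-10-13 10.1.7.40 203.0.113.9 22 240
2003-10-13 10.1.7.40 203.0.113.9 22 60
2003-10-13 10.1.7.40 203.0.113.9 22 180
this line is malformed and is skipped
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_suspect_ssh(flow_text):
    """Map (date, src, dst) to reasons for outbound SSH that is long-lived or frequent."""
    stats = defaultdict(lambda: [0, 0])  # [session count, longest duration]
    for line in flow_text.splitlines():
        try:
            date, src, dst, dport, secs = line.split()
            outbound = is_internal(src) and not is_internal(dst)
            dport, secs = int(dport), int(secs)
        except ValueError:
            continue  # wrong field count, bad address or bad number
        if dport != SSH_PORT or not outbound:
            continue
        entry = stats[(date, src, dst)]
        entry[0] += 1
        entry[1] = max(entry[1], secs)
    suspects = {}
    for key, (count, longest) in stats.items():
        reasons = [name for name, hit in (("continuous", longest >= LONG_SESSION_SECS),
                                          ("frequent", count >= FREQUENT_SESSIONS)) if hit]
        if reasons:
            suspects[key] = reasons
    return suspects
```

This matches on destination port only, so an SSH server listening on port 80 behind the HTTP proxy, as in the original question, would not appear here and has to be looked for in the proxy's own logs.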

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.

