Security Basics mailing list archives
RE: ssh tunnelling
From: "Bergeron, Jared" <jared.bergeron () office xerox com>
Date: Mon, 15 Sep 2003 10:25:44 -0700
SSH tunneling is a concern of mine as well. With the proper "End Point" you can basically bypass anything you need to. I suppose the same would apply to stunnel and other ssl tunneling apps.

For example I have Wingate on the remote machine. This listens for www and socks 5 (these are all I seem to need but will also do ftp, dns, etc). All I have to do is tunnel those ports and I can run web thru that proxy and any socks5 clients (IM, IRC, etc) I can run thru there as well. I also have 1494 tunneled to a citrix box at home for anything else I need. Granted the citrix port is less of a risk because the "payload" is just screen changes and mouse movements, but does provide a productivity and data exchange concern.

It's scary...

Jared Bergeron

-----Original Message-----
From: Joe McCray [mailto:joe () rootwars org]
Sent: Friday, September 12, 2003 6:14 PM
To: security-basics () securityfocus com

OOOOOO this looks like a fun one.

When I was a Systems Administrator we used to run Websense. One of the features that it had was proxy avoidance. So you want to find out if "Proxy Avoidance" is enabled. I would check this before you start getting into all of the local port redirection stuff. Just see if you can get to websites like anonymizer.com and other proxying sites. This is going to be the first thing that your more savvy users will try. Websense is actually a decent product, and when it's really locked down it's tough to get around.

As far as port redirection it's more commonly used by attackers to access hosts behind filtering devices such as routers or firewalls.

Example: You compromise a webserver and you now have command line control over it. You realize that the database server only accepts connections from the webserver that you are on. It is otherwise inaccessible from the internet. So you set up your port redirection for port 80 or 8080 to the IP address of the database server port 1433. So now when you send commands to port 80 of the webserver they are redirected to port 1433 of the database server.

=============

If you are already on the local LAN, and you just want to get out to a box that you control you might want to consider running SSH, MS Terminal Server, or whatever application it is on ports like 21, 25, 80, or 8080. This will usually be allowed out of most networks. I've never used PacketShape so I don't know how it would handle ssh traffic going to port 80 for example.

Joe McCray
joe () rootwars org
http://www.rootwars.org
Hacking Games
Hands-on Courses
HackLab Access

Quoting Kampanellis John <ikampa () softlab ntua gr>:

Hi!

I am about to write the security policy of a media group as part of my internship. Among other things I want to check their actual security. The group uses websense and packetshape. The first to prevent users from visiting restricted sites and the second to "cut" applications such as ICQ, P2P etc.

I thought that a good idea would be to create a SSH tunnel with the outside world and try to pass the traffic through the tunnel, and check if that enables me (or any user) to bypass the filters mentioned above in order to use and visit restricted programmes and web sites respectively.

I try to do port forwarding:

    ssh2 -L 8000:local_host_IP:50000 username@remotehost

then I am not so sure what to do. For IE I declare as proxy my IP with port 8000 (for the example above). I did the same thing with msn. However, it doesn't seem to work.

Any ideas?

Thnx

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Precisely Define and Implement Network Security
- Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW - FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
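An added example, not part of the original messages: the thread raises the question of how a filtering device treats SSH sent to ports such as 21, 25, 80 or 8080, and one defensive check is to classify each flow by the first bytes exchanged rather than by port. The port policy table, the flow tuple layout and the sample flows below are assumptions constructed for illustration.

```python
import re

# Protocol each destination port is expected to carry (assumed egress policy).
EXPECTED = {21: "ftp", 25: "smtp", 80: "http", 8080: "http", 22: "ssh"}

SSH_ID = re.compile(rb"^SSH-\d+\.\d+-[^\s-]+")   # RFC 4253 identification string
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/\d\.\d\r\n")
GREETING = re.compile(rb"^220[ -]")              # FTP/SMTP server greeting

def identify(client_first: bytes, server_first: bytes) -> str:
    """Classify a flow from the first bytes each side sent, ignoring the port."""
    if SSH_ID.match(client_first) or SSH_ID.match(server_first):
        return "ssh"
    if HTTP_REQ.match(client_first):
        return "http"
    if client_first[:2] == b"\x16\x03":          # TLS handshake record header
        return "tls"
    if GREETING.match(server_first):
        return "ftp-or-smtp"
    return "unknown"

def compatible(expected: str, observed: str) -> bool:
    """A bare 220 greeting is acceptable on either the FTP or the SMTP port."""
    return observed == expected or (observed == "ftp-or-smtp" and expected in ("ftp", "smtp"))

def find_mismatches(flows):
    """Return (src, dst, dport, expected, observed) where payload disagrees with port."""
    hits = []
    for src, dst, dport, c2s, s2c in flows:
        expected = EXPECTED.get(dport)
        observed = identify(c2s, s2c)
        if expected and not compatible(expected, observed):
            hits.append((src, dst, dport, expected, observed))
    return hits

# Constructed sample flows (documentation addresses, invented payloads).
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
    ("10.0.0.7", "198.51.100.4", 80, b"SSH-2.0-OpenSSH_3.7\r\n", b"SSH-2.0-OpenSSH_3.7\r\n"),
    ("10.0.0.8", "203.0.113.9", 25, b"", b"220 mail.example.com ESMTP\r\n"),
    ("10.0.0.9", "198.51.100.4", 8080, b"\x16\x03\x01\x00\x2e", b""),
    ("10.0.0.9", "192.0.2.22", 22, b"SSH-2.0-OpenSSH_3.7\r\n", b"SSH-1.99-OpenSSH_3.7\r\n"),
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_FLOWS):
        print("port/protocol mismatch:", hit)
```

A session wrapped in SSL (stunnel is mentioned above) only shows up here as "tls", so it is flagged when the port is not expected to carry TLS but is indistinguishable from ordinary HTTPS on a port where TLS is allowed.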
Current thread:
- ssh tunnelling Kampanellis John (Sep 12)
- Re: ssh tunnelling Joe McCray (Sep 15)
- RE: ssh tunnelling Dave Falloon (Sep 25)
- <Possible follow-ups>
- RE: ssh tunnelling Bergeron, Jared (Sep 15)