Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

FW: Tunelling RDP traffic over HTTP proxies.

From: "Jeroen van Meeuwen" <kanarip () pczone-clan nl>
Date: Thu, 24 Nov 2005 22:32:31 +0100
This issue was resolved in private.

Thanks for all your replies.

Kind regards,

Jeroen van Meeuwen

--
kanarip


-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk]
Sent: Thursday, November 24, 2005 18:22
To: Jeroen van Meeuwen
Subject: RE: Tunelling RDP traffic over HTTP proxies.

Ah,

Disco!

I am using localhost as the destination now and it works!

Thanks Jeroen!

Steve


-----Original Message-----
From: Jeroen van Meeuwen [mailto:kanarip () pczone-clan nl]
Sent: 24 November 2005 17:02
To: Steve McLaughlin
Subject: RE: Tunelling RDP traffic over HTTP proxies.

Steve,

you could verify the tunnel by doing a netstat -an at both ends. This
could
be a firewall issue, that is, on one of both ends of the tunnel.

Kind regards,

Jeroen van Meeuwen

--
kanarip


-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk]
Sent: Thursday, November 24, 2005 17:53
To: Jeroen van Meeuwen
Subject: RE: Tunelling RDP traffic over HTTP proxies.

Connection refused occurs when I try to use VNC viewer normally for
example.
This is after I have connected to a bash shell with the Tunnel

settings

in PuTTY

Any suggestions?

Steve


-----Original Message-----
From: Jeroen van Meeuwen [mailto:kanarip () pczone-clan nl]
Sent: 24 November 2005 12:55
To: Steve McLaughlin
Cc: security-basics () securityfocus com; pen-test () securityfocus com
Subject: RE: Tunelling RDP traffic over HTTP proxies.

Hi Steve,

If port 443 is open, this enables you to tunnel any protocol. I'm
confused
with you saying you need to authenticate with the proxy server first.
That
would mean only port 80 and 443 outbound _from the proxy_ is allowed
through
the firewall. If that proxy only supports Kerberos authentication, I
don't
know what shell client you could use.

Anyway, here's the setup I currently use: I have an outside Linux box
with
SSHd on port 443, to which I log in using PuTTY, via an ISA 2004

proxy,

with
Basic proxy authentication. Tunneling is an option in PuTTY, so that's
what
I use to tunnel my IMAP, RDP, VNC and SMTP.

To get it working in your case, I'ld first verify if it's only the

proxy

that is allowed through the firewall, and whether you are able to let
PuTTY
authenticate to the proxy.

Kind regards,

Jeroen van Meeuwen

--
kanarip


-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk]
Sent: Thursday, November 24, 2005 12:27
To: Jeroen van Meeuwen
Subject: RE: Tunelling RDP traffic over HTTP proxies.

I want to RDP or VNC into my box back home, and we only have port 80

and

443 open on the Firewall outbound and traffic first has to

authenticate

through an ISA proxy with Kerberos authentication.

Steve


-----Original Message-----
From: Jeroen van Meeuwen [mailto:kanarip () pczone-clan nl]
Sent: 23 November 2005 19:55
To: Steve McLaughlin; 'Richard Zaluski'; 'Jason T. Hallahan';
security-basics () securityfocus com; pen-test () securityfocus com
Subject: RE: Tunelling RDP traffic over HTTP proxies.

Hi Steve,

Is it just a HTTP proxy (which possibly has a web proxy filter, like

for

example ISA Server 2004, or a Squid / ASA implementation), or is it
capable
of HTTPS as well?

Does it support Basic authentication or is it Windows Integrated

(NTLM,

Kerberos, Negotiate)?

Kind regards,

Jeroen van Meeuwen

--
kanarip


-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk]
Sent: Wednesday, November 23, 2005 17:45
To: Richard Zaluski; Jason T. Hallahan;

security-basics () securityfocus com;
pen-

test () securityfocus com
Subject: Tunelling RDP traffic over HTTP proxies.

Hi list,

Does anyone know of any solutions for tunnelling RDP traffic

through

an

HTTP proxy?

Thanks in  Advance,
Steve

Visit us at http://www.aggreko.com

Confidentiality Notice:  This communication and any accompanying

attachments

contain confidential information intended for a specific

individual

and
purpose.

This communication is private and protected by law.  If you are

not

the
intended

recipient, you are hereby respectfully notified that any

disclosures,

copying,

forwarding or distribution, or the taking of any action based on

the

contents of

this communication is strictly prohibited.







___________________________________________________________________

__
This email has been scanned by the MessageLabs Email Security

System.

For more information please visit http://www.messagelabs.com/email






___________________________________________________________________

___







___________________________________________________________________

___

This email has been scanned by the MessageLabs Email Security

System.





___________________________________________________________________

___

Visit us at http://www.aggreko.com

Confidentiality Notice:  This communication and any accompanying

attachments

contain confidential information intended for a specific individual

and
purpose.

This communication is private and protected by law.  If you are not

the
intended

recipient, you are hereby respectfully notified that any

disclosures,

copying,

forwarding or distribution, or the taking of any action based on the

contents of

this communication is strictly prohibited.





___________________________________________________________________

__
This email has been scanned by the MessageLabs Email Security

System.

For more information please visit http://www.messagelabs.com/email




___________________________________________________________________

___





___________________________________________________________________

___

This email has been scanned by the MessageLabs Email Security System.


___________________________________________________________________

___

Visit us at http://www.aggreko.com

Confidentiality Notice:  This communication and any accompanying

attachments

contain confidential information intended for a specific individual

and
purpose.

This communication is private and protected by law.  If you are not

the
intended

recipient, you are hereby respectfully notified that any disclosures,

copying,

forwarding or distribution, or the taking of any action based on the

contents of

this communication is strictly prohibited.



___________________________________________________________________

__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email


___________________________________________________________________

___



___________________________________________________________________
___

This email has been scanned by the MessageLabs Email Security System.
___________________________________________________________________
___

Visit us at http://www.aggreko.com

Confidentiality Notice:  This communication and any accompanying

attachments

contain confidential information intended for a specific individual and

purpose.

This communication is private and protected by law.  If you are not the

intended

recipient, you are hereby respectfully notified that any disclosures,

copying,

forwarding or distribution, or the taking of any action based on the

contents of

this communication is strictly prohibited.

___________________________________________________________________
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
___________________________________________________________________
___
Previous By Date Next
Previous By Thread Next

Current thread: