Full Disclosure mailing list archives
Re:RE: By passing surf control
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Thu, 26 Feb 2004 11:34:59 +1000
The method I used to skip a bastion was (while still using HTTPS "CONNECT") to run pppd in inetd on 443/tcp ... then all you need to do is run the ppp client over the "telnet" session and you can fully route one organisation through another. At the time I used cotty to dup the tty at the client, but netcat should be better for this now. ----- Original Message -----
From: "Otero, Hernan (EDS)" <HOtero () lanchile cl> To: "Kudakwashe Chafa-Govha" <KChafa-Govha () bankunitedfla com>, "'pen-
test () securityfocus com'" <pen-test () securityfocus com>
Subject: [Full-disclosure] RE: By passing surf control Date: Wed, 25 Feb 2004 19:05:26 -0400 That is very easy if you can have a machine in the net with ssh server... With a standard proxy that support CONNECT METHOD (Typically HTTPS connections) using putty and a ssh server listening in port 443 you can forward any port via tunneling. Look at your logs looking for an endless HTTPS connection..., with tons of traffic. Regards, Hernán -----Original Message----- From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha () bankunitedfla com] Sent: Miércoles, 25 de Febrero de 2004 17:04 To: 'pen-test () securityfocus com' Subject: By passing surf control Hello Group, Does anyone have any information on how to by pass a web content filter? We use Surf Control to monitor and filter web content. However, I have one of my users who was able to by pass this. We tried using a proxy to by pass just for testing purposes but it did not work. I am still trying to figure out what other method he used to do so. If anyone has any information , it will be greatly appreciated. Thanks Kuda **************************************************************************** ********************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. **************************************************************************** ********************** --------------------------------------------------------------------------- ---------------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Ian Latter Internet and Networking Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: By passing surf control Otero, Hernan (EDS) (Feb 25)
- Re: RE: By passing surf control cdowns (Feb 25)
- Re: RE: By passing surf control Cedric Blancher (Feb 25)
- <Possible follow-ups>
- Re:RE: By passing surf control Ian Latter (Feb 25)
- Re: RE: By passing surf control cdowns (Feb 25)