Security Basics mailing list archives

Re: file transfer over outbound port 80?

From: Jon Hart <warchild () spoofed org>
Date: Fri, 8 Aug 2003 11:55:34 -0400

On Thu, Aug 07, 2003 at 06:08:13PM -0700, Dana Epp wrote:

I actually do this right now. I simply set my ssh daemon on port 80, and use
scp to covertly bypass most standard firewalls. Unless they do payload
inspection, you can normally pierce the firewall fine in this manner.

ie: scp -P 80 user () corp sshd-server com:/get/some/file/ .

Short of that, you could probably simply redirect a HTTPS stream on port 80,
and use some sort of auth to your main server and upload/download via that
protocol. A lot more work... and not as flexible as the SSH method.

One thing to consider is that some firewalls may be using a transparent
proxy, and you might only be getting through by that proxy. If this is the
case, there is a good chance these methods will not work for you.


In cases where they do use payload inspection, give corkscrew a shot:

http://www.agroman.net/corkscrew/

hth,

-jon

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

file transfer over outbound port 80? abe vigoda (Aug 07)
- Re: file transfer over outbound port 80? Sebastian Schneider (Aug 07)
- Re: file transfer over outbound port 80? Dana Epp (Aug 08)
  - Re: file transfer over outbound port 80? Jon Hart (Aug 08)
- <Possible follow-ups>
- RE: file transfer over outbound port 80? Tony Kava (Aug 07)
- RE: file transfer over outbound port 80? Michael Dunn (Aug 07)
- Re: file transfer over outbound port 80? JM (Aug 08)
- RE: file transfer over outbound port 80? Meidinger Chris (Aug 08)
- RE: file transfer over outbound port 80? Nero, Nick (Aug 08)