Security Basics mailing list archives

Re: ssh tunnelling


From: Joe McCray <joe () rootwars org>
Date: Fri, 12 Sep 2003 21:13:38 -0400

OOOOOO this looks like a fun one. When I was a Systems Administrator we used to 
run Websense. One of the features that it had was proxy avoidance. So you want 
to find out if "Proxy Avoidance" is enabled. I would check this before you 
start getting into all of the local port redirection stuff. Just see if you can 
get to websites like anonymizer.com and other proxying sites. This is going to 
be the first thing that your more savvy users will try. Websense is actually a 
decent product, and when it's really locked down it's tough to get around.

As far as port redirection goes, it's more commonly used by attackers to access hosts 
behind filtering devices such as routers or firewalls.

Example:
You compromise a webserver and you now have command line control over it. You 
realize that the database server only accepts connections from the webserver 
that you are on. It is otherwise inaccessible from the internet. So you set up 
your port redirection for port 80 or 8080 to the IP address of the database 
server port 1433. So now when you send commands to port 80 of the webserver 
they are redirected to port 1433 of the database server.

=============

If you are already on the local LAN, and you just want to get out to a box that 
you control you might want to consider running SSH, MS Terminal Server, or 
whatever application it is on ports like 21, 25, 80, or 8080. This will usually 
be allowed out of most networks. 

I've never used PacketShape so I don't know how it would handle ssh traffic 
going to port 80 for example.

Joe McCray
joe () rootwars org
http://www.rootwars.org
Hacking Games   Hands-on Courses   HackLab Access



Quoting Kampanellis John <ikampa () softlab ntua gr>:

Hi!

I am about to write the security policy of a media group as part of my
internship.
Among other things I want to check their actual security.
The group uses websense and packetshape. The first to prevent users from
visiting restricted sites and the second to "cut" applications such as
ICQ, P2P etc.

I thought that a good idea would be to create a SSH tunnel with the outside
world and try to pass the traffic through the tunnel, and check if that
enables me (or any user) to bypass the filters mentioned above in order to
use and visit restricted programmes and web sites respectively.

I try to do port forwarding:

ssh2 -L 8000:local_host_IP:50000 username@remotehost

then I am not so sure what to do. For IE I declare as proxy my IP with port
8000 (for the example above). I did the same thing with msn. However, it
doesn't seem to work.

Any ideas?
Thnx
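Added example, not from either poster: a small Python check from the network defender's side of Joe's point about running SSH on ports like 80 or 8080. It looks at the first client bytes of each flow, guesses the application protocol, and flags flows whose protocol does not match what the destination port normally carries. The flow records are constructed sample data, and the (client, server, port, first_bytes) tuple layout is an assumed export format, not anything PacketShaper or Websense produces.

```python
import re

# Constructed sample flows: (client, server, dst_port, first client bytes).
# Not real captures; the tuple layout is an assumption for this example.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.7", "203.0.113.20", 80, b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),
    ("10.0.0.7", "203.0.113.20", 8080, b"SSH-2.0-PuTTY_Release_0.53b\r\n"),
    ("10.0.0.9", "203.0.113.30", 22, b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),
    ("10.0.0.9", "203.0.113.40", 25, b"EHLO mail.example.net\r\n"),
    ("10.0.0.9", "203.0.113.40", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x01"),
]

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-")

# Protocol normally carried on the "usually allowed out" ports Joe lists, plus 22/443.
EXPECTED = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "tls", 8080: "http"}


def classify(first_bytes: bytes) -> str:
    """Guess the application protocol from the first bytes the client sends."""
    if SSH_BANNER.match(first_bytes):          # SSH identification string, RFC 4253
        return "ssh"
    if first_bytes.startswith(HTTP_METHODS):   # plain HTTP request line
        return "http"
    if first_bytes.startswith(b"\x16\x03"):    # TLS record: handshake, SSL3/TLS 1.x
        return "tls"
    if first_bytes.startswith((b"EHLO", b"HELO")):
        return "smtp"
    if first_bytes.startswith(b"USER "):       # FTP login after the server banner
        return "ftp"
    return "unknown"


def find_mismatches(flows):
    """Return (client, server, port, seen, expected) for every flow whose
    payload protocol differs from the one normally carried on that port."""
    hits = []
    for client, server, port, payload in flows:
        seen = classify(payload)
        expected = EXPECTED.get(port)
        if expected is not None and seen not in ("unknown", expected):
            hits.append((client, server, port, seen, expected))
    return hits


if __name__ == "__main__":
    for client, server, port, seen, expected in find_mismatches(SAMPLE_FLOWS):
        print(f"{client} -> {server}:{port} carries {seen}, expected {expected}")
```

Banner matching only catches cleartext SSH on a borrowed port; a tunnel wrapped in TLS or sent through an HTTP CONNECT proxy classifies as "tls" or "http" and needs a different check (certificate, proxy logs, or traffic timing).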

