Security Basics mailing list archives
Re: ssh tunneling to bypass web proxy rules
From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 23 Aug 2005 10:43:53 +0300 (IDT)
On Sun, 21 Aug 2005, Juan B wrote:
Someone told me one can pass web proxy restrictions by tunnling throw ssh to restricted web sites like web mail sites in our corporate network.I really whant to know how he is doing that but I dont know where and how to test it, and he of course doesnt tell.
man ssh: -L port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to the port on the local side. Then, whenever a connection is made to this port, the connection is forwarded over the secure channel and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the confi- guration file. So you need to: o start a proxy (e.g., privoxy) on the remote host, o connect with ssh using port forwarding, and o setup local web browser to use localhost:forwarded-port as a proxy.
I need to close this hole in the network.
If you allow ssh connections to external hosts there is no way to close such `hole.' Note that if you use a black list of `bad' sites (and not a white list of allowed web servers) somebody can as easily use an external http proxy (BTW, even with a white list the google cache can be used to read `bad' sites). So you best choice is just to ignore this `problem.' -- Regards, ASK
Current thread:
- ssh tunneling to bypass web proxy rules Juan B (Aug 22)
- Re: ssh tunneling to bypass web proxy rules Alexander Klimov (Aug 23)
- Re: ssh tunneling to bypass web proxy rules Par Leijonhufvud (Aug 24)
- Re: ssh tunneling to bypass web proxy rules Saqib Ali (Aug 23)
- Re: ssh tunneling to bypass web proxy rules Gonzalo Martinez (Aug 23)
- Re: ssh tunneling to bypass web proxy rules Sagiko (Aug 23)
- Re: ssh tunneling to bypass web proxy rules James Leighe (Aug 23)
- Re: ssh tunneling to bypass web proxy rules William Hile (Aug 23)
- Re: ssh tunneling to bypass web proxy rules Oliver Leitner (Aug 24)
- Re: ssh tunneling to bypass web proxy rules Times Enemy (Aug 24)
- Re: ssh tunneling to bypass web proxy rules Barrie Dempster (Aug 24)
- <Possible follow-ups>
- RE: ssh tunneling to bypass web proxy rules Kirk Brady (Aug 23)
(Thread continues...)
- Re: ssh tunneling to bypass web proxy rules Alexander Klimov (Aug 23)