Security Basics mailing list archives

RE: ssh tunneling to bypass web proxy rules


From: "Conlan Adams" <conlan () midwesteyebanks org>
Date: Tue, 23 Aug 2005 11:37:46 -0400

Here is a quick and dirty write up showing what he is doing.

http://lukeolbrish.com/tiki-print_article.php?articleId=1

Long story short, you can use an SSH server as a SOCKS proxy for whatever
you want through your SSH tunnel.

Easiest ways to stop him...

1.  Fire him
2.  Find out where he is connecting, and ban the IP (if the server is
DHCP like a home computer and cable modem, this won't work well)
3.  Using group policy to forbid proxy changes via Internet Explorer,
and the associated registry keys (this can be circumvented by using
another browser)
4.  Block all internet access to him at the firewall, allowing only
certain services via proxy (Web only really, would work well, but
requires more work on your part)
5.  Fire him

Don't bother blocking port 22 though, as he can just use another port.  
The best solution to this is to treat it administratively, get him in
trouble, ideally fired.  He's circumventing network security and most
technical means that you have to stop him can be circumvented by a
person who knows what he's doing, restrict more than most admins want
to, or require prohibitive amounts of work.

Conlan

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com] 
Sent: Sunday, August 21, 2005 9:04 AM
To: security basics
Subject: ssh tunneling to bypass web proxy rules

Hi,

Someone told me one can pass web proxy restrictions by
tunneling through SSH to restricted web sites like web
mail sites in our corporate network. I really want to
know how he is doing that but I don't know where and
how to test it, and he of course doesn't tell.

I need to close this hole in the network.

Can someone give me a hand please.

Juan.
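
Added example, not part of either message above: since the reply notes that blocking port 22 is pointless and suggests finding out where the user connects, this sketch flags SSH by its RFC 4253 identification string on any destination port. The flow tuple layout, the `allowed` set, the addresses and the banners are constructed assumptions for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments] CR LF"
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: [^\r\n]*)?\r?$")

def ssh_banner(first_bytes: bytes):
    """Return (protoversion, softwareversion) if the first server bytes of a
    TCP flow contain an SSH identification string, else None."""
    # A server may send other text lines before its identification string,
    # so check every line in the captured prefix, not only the first one.
    for line in first_bytes[:1024].split(b"\n"):
        m = SSH_ID.match(line[:255])
        if m:
            return m.group(1).decode(), m.group(2).decode()
    return None

def flag_ssh_flows(flows, allowed=frozenset()):
    """flows: iterable of (src, dst, dport, first_server_bytes).
    Returns SSH flows whose (dst, dport) is not an approved endpoint."""
    hits = []
    for src, dst, dport, payload in flows:
        banner = ssh_banner(payload)
        if banner and (dst, dport) not in allowed:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "proto": banner[0], "software": banner[1]})
    return hits

# Constructed sample flows (documentation address ranges, made-up banners).
SAMPLE_FLOWS = [
    ("10.0.0.15", "203.0.113.7", 443, b"SSH-2.0-OpenSSH_4.1\r\n"),
    ("10.0.0.15", "198.51.100.20", 80, b"HTTP/1.1 200 OK\r\nServer: x\r\n"),
    ("10.0.0.22", "203.0.113.9", 8080, b"Welcome\r\nSSH-1.99-ExampleSSH note\r\n"),
    ("10.0.0.30", "192.0.2.10", 22, b"SSH-2.0-OpenSSH_4.1\r\n"),
    ("10.0.0.31", "192.0.2.44", 443, b"\x16\x03\x01\x00\x4a\x02\x00\x00"),
]

if __name__ == "__main__":
    approved = {("192.0.2.10", 22)}  # assumed sanctioned admin server
    for hit in flag_ssh_flows(SAMPLE_FLOWS, approved):
        print(hit)
```

Feed it the first server-to-client payload of each outbound flow from a capture or proxy log; the source and destination of each hit give the workstation and the remote server to follow up on.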


