Firewall Wizards mailing list archives

Re: potential ssh attack

From: "Ge' Weijers" <ge () progressive-systems com>
Date: Mon, 14 Jun 1999 11:58:13 -0400

On Wed, Jun 09, 1999 at 02:49:36AM -0400, Matt Dunn wrote:


      attacker1:#  ssh -R 345:target.machine.com:25 127.0.0.1


This command actually does the following: if you connect to port 345
on the machine you're connected to (127.0.0.1) your connection will be
forwarded to target.machine.com:25. This is more or less equivalent to 
'telnet target.machine.com 25', because you're already on that box.

ssh does not forward a connection anywhere unless you succesfully
authenticate on the target machine. -L puts the source port on the
local machine, -R puts it on the remote machine. Port forwarding does
not give you any capabilities you would not have already.

Ge'


-- 
-
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220

Current thread:

potential ssh attack Matt Dunn (Jun 14)
- Re: potential ssh attack Michael Barkett (Jun 15)
- Re: potential ssh attack Ge' Weijers (Jun 15)
- <Possible follow-ups>
- Re: potential ssh attack Barney Wolff (Jun 15)