Penetration Testing mailing list archives

RE: bypassing employer's proxy to surf anonymously


From: "Craig Wright" <cwright () bdosyd com au>
Date: Wed, 14 Jun 2006 09:29:15 +1000


SSH is easy to detect. It starts by advertising that it is SSH and the version - all in clear text.
 
Making SSH run over 443 is not going to stop detection if it is being looked for.
 
Craig

        -----Original Message----- 
        From: Mario Platt [mailto:mplatt () gmail com] 
        Sent: Wed 14/06/2006 8:23 AM 
        To: misiu_ () gmx de 
        Cc: pen-test () securityfocus com 
        Subject: Re: bypassing employer's proxy to surf anonymously
        
        
        Hi,
        
        Yes, it's "harder to detect" as in "there are fewer chances of this
        being monitored than anything else", but it's really quite simple to
        detect. If you have some firewall that analyzes data commands being
        sent over well known port numbers, an SSH tunnel over 443 IS quite
        different from an HTTPS connection.
        
        On 6/13/06, misiu <misiu_ () gmx de> wrote:
        > gimeshell () web de wrote:
        > >
        > > Perhaps there is some technique to hide data in unsuspicious packets?
        > >
        > > regards,
        > > gimeshell
        > >
        >
        > I would run sshd at port 443 (https)
        > And use on the client machine http://www.agroman.net/corkscrew/
        > For me it is the best, to hide traffic. It's all based on SSL.
        > HTTPS and SSH
        > It is harder to detect, as far as I know, no one monitors remote-server
        > IPs. Or?
        >
        > M
        >
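
The detection both replies describe, as an added example that is not part of the original thread: an SSH peer announces itself with a clear-text identification string, while a real HTTPS connection opens with a binary TLS handshake record, so the first payload bytes on a port 443 flow (or inside a proxy CONNECT tunnel) tell them apart. The flow tuples, addresses and the `ExampleSSHD_1.0` banner are constructed sample data, and the function names are hypothetical.

```python
import re

# RFC 4253 sec. 4.2: "SSH-protoversion-softwareversion[ SP comments] CR LF", sent in clear text.
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: ([^\r\n]*))?\r?$")

def classify_first_bytes(data: bytes) -> dict:
    """Classify the first payload bytes of a TCP flow as TLS, SSH or unknown."""
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte length,
    # followed by handshake type 0x01 (ClientHello) or 0x02 (ServerHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] in (0x01, 0x02)):
        return {"proto": "tls", "record_len": int.from_bytes(data[3:5], "big")}
    # An SSH server may send other text lines before its identification string,
    # so every line of the first segment is checked.
    for line in data[:1024].split(b"\n"):
        m = SSH_ID.match(line)
        if m:
            return {"proto": "ssh",
                    "protoversion": m.group(1).decode(),
                    "software": m.group(2).decode()}
    return {"proto": "unknown"}

# Constructed sample flows: (src, dst, dport, first payload bytes)
FLOWS = [
    ("10.0.0.5", "198.51.100.7", 443,
     bytes.fromhex("16030100c8010000c40303") + b"\x00" * 16),   # TLS ClientHello start
    ("10.0.0.9", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("10.0.0.12", "203.0.113.21", 443,
     b"welcome\r\nSSH-1.99-ExampleSSHD_1.0 test\r\n"),          # pre-banner line
]

def ssh_on_https_port(flows):
    """Return (src, dst, software) for port 443 flows that start with an SSH banner."""
    hits = []
    for src, dst, dport, payload in flows:
        result = classify_first_bytes(payload)
        if dport == 443 and result["proto"] == "ssh":
            hits.append((src, dst, result["software"]))
    return hits

if __name__ == "__main__":
    for hit in ssh_on_https_port(FLOWS):
        print("SSH on 443:", hit)
```
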


