SSH thru HTTP? Sounds backwards.
From: Bernard Hoffman (bhoffman_at_CaptiveCorp.Com)
Date: 10/13/03
- Next in thread: Bergeron, Jared: "RE: SSH thru HTTP? Sounds backwards."
- Maybe reply: Bergeron, Jared: "RE: SSH thru HTTP? Sounds backwards."
- Reply: duane_at_sukkha.info: "Re: SSH thru HTTP? Sounds backwards."
- Reply: Brian Hatch: "Re: SSH thru HTTP? Sounds backwards."
- Reply: Michael French: "Re: SSH thru HTTP? Sounds backwards."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-discuss@linuxsecurity.com Date: Mon, 13 Oct 2003 14:04:27 -0400
Hello all.
A colleague asked me a question that I was unable to answer, so I thought
one of you might be able to help.
He asked me "is it possible for someone inside my organization to twart
security by ssh tunneling thru my HTTP proxy server to a destination SSH
server listening on port 80". I don't know what http proxy he's running and
we didn't talk about SSL or 443 proxy - I'm assuming the same rules would
apply.
My initial reaction was "no, it's not a hole", but then I thought about some
"less intelligent" proxies that don't inspect packet content... and that was
the end of my expertise.
Is it possible? or better question, is it likely?
-=Berns
------
Bernard Hoffman
Captive Capital Corp. (f.k.a. eMarket Capital, Inc.)
http://www.captivecorp.com
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
- Next in thread: Bergeron, Jared: "RE: SSH thru HTTP? Sounds backwards."
- Maybe reply: Bergeron, Jared: "RE: SSH thru HTTP? Sounds backwards."
- Reply: duane_at_sukkha.info: "Re: SSH thru HTTP? Sounds backwards."
- Reply: Brian Hatch: "Re: SSH thru HTTP? Sounds backwards."
- Reply: Michael French: "Re: SSH thru HTTP? Sounds backwards."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
