Re: SSH thru HTTP? Sounds backwards.

duane_at_sukkha.info
Date: 10/13/03

  • Next message: Brian Hatch: "Re: SSH thru HTTP? Sounds backwards." 
    Date: Mon, 13 Oct 2003 14:39:36 -0400 (EDT)
To: security-discuss@linuxsecurity.com

    I agree with Jared as well. Policy is the best option. What I described
    below is only two ways to do it.

    On Mon, 13 Oct 2003 duane@sukkha.info wrote:

    > Yes it is possible and they can bypass any proxies in the middle. Someone
    > I know actually set that up so that their friend could bypass the
    > restrictions of their ISP. A person can setup an Apache server as a proxy
    > on a remote site and have it accept connections from the local interface:
    > 127.0.0.1. Then someone who has an account on that server can ssh in like
    > this:
    >
    > ssh -C -L 1080:127.0.0.1:80 <remote server>
    >
    > Then they can set their browser's proxy settings to: 127.0.0.1 port 1080
    >
    > then anywhere they surf on the Internet will be over that SSH connection
    > and through the remote server running the Apache proxy.
    >
    > They could also use a program like cgiproxy to bypass the proxy at their
    > organization if they use SSL or use the same situation above.
    >
    > The way to catch it is to watch for continuous or frequent SSH streams to
    > a remote server outside the user's organization.
    >
    > On Mon, 13 Oct 2003, Bernard Hoffman wrote:
    >
    > > Hello all.
    > >
    > > A colleague asked me a question that I was unable to answer, so I thought
    > > one of you might be able to help.
    > >
    > > He asked me "is it possible for someone inside my organization to twart
    > > security by ssh tunneling thru my HTTP proxy server to a destination SSH
    > > server listening on port 80". I don't know what http proxy he's running and
    > > we didn't talk about SSL or 443 proxy - I'm assuming the same rules would
    > > apply.
    > >
    > > My initial reaction was "no, it's not a hole", but then I thought about some
    > > "less intelligent" proxies that don't inspect packet content... and that was
    > > the end of my expertise.
    > >
    > > Is it possible? or better question, is it likely?
    > > -=Berns
    > >
    > >
    > > ------
    > > Bernard Hoffman
    > > Captive Capital Corp. (f.k.a. eMarket Capital, Inc.)
    > > http://www.captivecorp.com
    > >
    > >
    > >
    > >
    >
    > 

    -- 
duane
while [ !sleep ]
  sheep++ ;
// Articles and stuff
http://www.sukkha.info
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
  • Next message: Brian Hatch: "Re: SSH thru HTTP? Sounds backwards."