Re: bypassing employer's proxy to surf anonymously

On Tue, 13 Jun 2006 10:47:52 +0100
Hubert Seiwert <hubert@xxxxxxxxxxxxxxxx> wrote:

Hi,

When using SSH through the local proxy, it might be an idea to run the
outside sshd on
port 443, so it's harder to distinguish from an https server.

Local proxy listens on port 3128, 2121, 1080.
I use Putty's proxy option to get ssh tunnel passed through proxy.
I have to use proxy to make connection outside at all.

If sshd listens on port 22, local proxy's log calls this type
of traffic 'HTTPS' eg 'xxx.xxx.xxx.xxx HTTPS'. I guess, using port 443
wouldn't make any difference, because that's really HTTPS port and
thus would be correctly remarked 'HTTPS traffic' (dumb proxy
server). But i don't know of it, i'll try it out with port 53.


Also, in case you're not aware, a proxy server on the other side
(Privoxy in your example)
is not really necessary - You can use the ssh -D option (or 'Dynamic'
in the PuTTY port
forwarding options) to get a SOCKS server on localhost which makes
outside connections
through the remote sshd.

Thanks for the hint! :)


Another method of tunneling would be through DNS. You say that dns
traffic is blocked

References:

http://www.doxpara.com/slides/BH_EU_05-Kaminsky.pdf
http://dnstunnel.de/

Sounds very interesting, i'll take a look.

regards,
gimeshell

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------

Relevant Pages

  • Re: RWW with no https
    ... Speaking about MS IIS as a web server, in HTTP, one can run multiple ... "host headers" and run all sites on the default port 80. ... to workstations, runs on port 4125, which is dynamically opened by the SBS ... HTTP why cant you do the same with HTTPS? ...
    (microsoft.public.windows.server.sbs)
  • Re: RWW with no https
    ... Sorry for the confusion but someone did a port scan on me and found I ... The SBS server we would like to have RWW ... work without using HTTPS but it seems this is not possible and or I ... "Yes I use Kerio for the 75GB limitation ...
    (microsoft.public.windows.server.sbs)
  • Re: RWW with no https
    ... Change your ports for Kerio, using the instructions he provided, or get a different static IP for RWW ... Windows Small Business Server 2008 Unleashed ... running Https, I still have http open and free to use where ever. ... >> port but going to port 8080. ...
    (microsoft.public.windows.server.sbs)
  • Re: Transparent proxy failing
    ... machine A as the gateway on the network, and A takes requests to port ... The squid machine, A, doesn't handle HTTPS blocking. ... up a website, it goes right to the website, no filtering. ... IE on the client to specifically use the proxy setting of B's ip ...
    (Ubuntu)
  • RE: Proxy Server in SBS 2000
    ... sites through port 443. ... If you install ISA 2000 on the SBS 2000 server, ... Connections->LAN Settings, tick the Use proxy server for your LAN, and then ... Is ISA 2000 installed on the SBS Server? ...
    (microsoft.public.windows.server.sbs)