RE: Tunelling RDP traffic over HTTP proxies.
From: Jeroen van Meeuwen (kanarip_at_pczone-clan.nl)
Date: 11/24/05
- Previous message: Sandeep Agarwal: "Re: Selectively disabling USB devices"
- Maybe in reply to: Steve McLaughlin: "Tunelling RDP traffic over HTTP proxies."
- Next in thread: lucab2005_at_securityfocus.com: "Re: Tunelling RDP traffic over HTTP proxies."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Steve McLaughlin'" <Steve.McLaughlin@aggreko.co.uk> Date: Thu, 24 Nov 2005 13:55:10 +0100
Hi Steve,
If port 443 is open, this enables you to tunnel any protocol. I'm confused
with you saying you need to authenticate with the proxy server first. That
would mean only port 80 and 443 outbound _from the proxy_ is allowed through
the firewall. If that proxy only supports Kerberos authentication, I don't
know what shell client you could use.
Anyway, here's the setup I currently use: I have an outside Linux box with
SSHd on port 443, to which I log in using PuTTY, via an ISA 2004 proxy, with
Basic proxy authentication. Tunneling is an option in PuTTY, so that's what
I use to tunnel my IMAP, RDP, VNC and SMTP.
To get it working in your case, I'ld first verify if it's only the proxy
that is allowed through the firewall, and whether you are able to let PuTTY
authenticate to the proxy.
Kind regards,
Jeroen van Meeuwen
-- kanarip > -----Original Message----- > From: Steve McLaughlin [mailto:Steve.McLaughlin@aggreko.co.uk] > Sent: Thursday, November 24, 2005 12:27 > To: Jeroen van Meeuwen > Subject: RE: Tunelling RDP traffic over HTTP proxies. > > I want to RDP or VNC into my box back home, and we only have port 80 and > 443 open on the Firewall outbound and traffic first has to authenticate > through an ISA proxy with Kerberos authentication. > > Steve > > > -----Original Message----- > From: Jeroen van Meeuwen [mailto:kanarip@pczone-clan.nl] > Sent: 23 November 2005 19:55 > To: Steve McLaughlin; 'Richard Zaluski'; 'Jason T. Hallahan'; > security-basics@securityfocus.com; pen-test@securityfocus.com > Subject: RE: Tunelling RDP traffic over HTTP proxies. > > Hi Steve, > > Is it just a HTTP proxy (which possibly has a web proxy filter, like for > example ISA Server 2004, or a Squid / ASA implementation), or is it > capable > of HTTPS as well? > > Does it support Basic authentication or is it Windows Integrated (NTLM, > Kerberos, Negotiate)? > > Kind regards, > > Jeroen van Meeuwen > > -- > kanarip > > > -----Original Message----- > > From: Steve McLaughlin [mailto:Steve.McLaughlin@aggreko.co.uk] > > Sent: Wednesday, November 23, 2005 17:45 > > To: Richard Zaluski; Jason T. Hallahan; > security-basics@securityfocus.com; > pen- > > test@securityfocus.com > > Subject: Tunelling RDP traffic over HTTP proxies. > > > > Hi list, > > > > Does anyone know of any solutions for tunnelling RDP traffic through > an > > HTTP proxy? > > > > Thanks in Advance, > > Steve > > > > Visit us at http://www.aggreko.com > > > > Confidentiality Notice: This communication and any accompanying > attachments > > contain confidential information intended for a specific individual > and > purpose. > > This communication is private and protected by law. If you are not > the > intended > > recipient, you are hereby respectfully notified that any disclosures, > copying, > > forwarding or distribution, or the taking of any action based on the > contents of > > this communication is strictly prohibited. > > > > > ___________________________________________________________________ > > __ > > This email has been scanned by the MessageLabs Email Security System. > > For more information please visit http://www.messagelabs.com/email > > > ___________________________________________________________________ > > ___ > > > ___________________________________________________________________ > ___ > > This email has been scanned by the MessageLabs Email Security System. > ___________________________________________________________________ > ___ > > Visit us at http://www.aggreko.com > > Confidentiality Notice: This communication and any accompanying attachments > contain confidential information intended for a specific individual and purpose. > This communication is private and protected by law. If you are not the intended > recipient, you are hereby respectfully notified that any disclosures, copying, > forwarding or distribution, or the taking of any action based on the contents of > this communication is strictly prohibited. > > ___________________________________________________________________ > __ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ___________________________________________________________________ > ___
- Previous message: Sandeep Agarwal: "Re: Selectively disabling USB devices"
- Maybe in reply to: Steve McLaughlin: "Tunelling RDP traffic over HTTP proxies."
- Next in thread: lucab2005_at_securityfocus.com: "Re: Tunelling RDP traffic over HTTP proxies."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
