Re: Defeating Firewalls: Sneaking Into Office Computers From Home

From: Floyd L. Davidson (floyd_at_apaflo.com)
Date: 08/12/05


Date: Fri, 12 Aug 2005 07:33:17 -0800

Leythos <void@nowhere.lan> wrote:
>In article <1123859197.303106.293860@g47g2000cwa.googlegroups.com>,
>manugarg@gmail.com says...
>> But, I am just skipping firewall and there is no web server at all in
>> the picture. What I need is just http(s) proxy and an ssh server on
>> the internet (which I am supposed to have at home). I'll set up
>> connection to the ssh server using https proxy and ride back on that
>> SSL connection.
>>
>> No offense meant, but I think you didn't read the paper completely. :)
>
>So, you're saying that from your office you can connect to your home
>using https and then from your home you can ride back through the https
>connection into the computer at your office?
>
>I guess I would have to know why your company allows you

1)
>outbound access
>to all internet sites,

Unnecessary. All he needs is access to *his* IP address, and it
would be very unlikely that any random company would have reason
to block it.

2)
>why residential address blocks are not blocked,

What is a "residential address block" ????

3)
>why they don't terminate https sessions after x amount of time,

Maybe they do! But they certainly would not have timeouts that
are unreasonably short... say less than 8-10 hours so that
employees can do business without being knocked off. That of
course means that he can set up this connection just before
leaving work, and he will have sufficient time to work at home
prior to any reasonable timeout.

4)
>and how
>they can miss an active https session that's connected for any length of
>time beyond the norm.

See above.

>It would be interesting to see if our firewalls permitted what you
>describe - we will test this weekend, but I don't think it will work on
>our networks.

Your firewalls may or may not be configured for the same
requirements that exist at his company.

-- 
Floyd L. Davidson            <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska)                         floyd@apaflo.com
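
Points 3 and 4 above (session length, sessions "beyond the norm"), together with the remark that only one destination address is needed, can be turned into a proxy-log review that reports rather than terminates sessions. This is an added example, not part of the original post; the log format, the addresses, and the four-hour default threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample proxy log. Assumed field order (not a real product's format):
# end_epoch duration_seconds client_ip method destination bytes
SAMPLE_LOG = """\
1123860000 42 10.0.0.15 CONNECT mail.example.com:443 18233
1123860100 310 10.0.0.22 CONNECT mail.example.com:443 90211
1123861000 95 10.0.0.15 CONNECT partner.example.net:443 4410
1123862000 120 10.0.0.31 CONNECT partner.example.net:443 7001
1123890000 27900 10.0.0.22 CONNECT 203.0.113.77:443 5120044
1123863000 15 10.0.0.31 GET http://www.example.org/ 2048
truncated line
"""

def parse(log_text):
    """Yield (duration, client, destination) for each well-formed CONNECT record."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[3] != "CONNECT":
            continue  # not a tunnel request, or a malformed record
        try:
            duration = int(fields[1])
        except ValueError:
            continue  # corrupted duration field
        yield duration, fields[2], fields[4]

def suspicious_tunnels(log_text, max_seconds=4 * 3600):
    """Return CONNECT sessions that are long-lived AND go to a destination
    that exactly one internal client ever contacts."""
    records = list(parse(log_text))
    clients_per_dest = defaultdict(set)
    for _, client, dest in records:
        clients_per_dest[dest].add(client)
    hits = []
    for duration, client, dest in records:
        if duration > max_seconds and len(clients_per_dest[dest]) == 1:
            hits.append({"client": client, "destination": dest,
                         "hours": round(duration / 3600, 2)})
    return hits

if __name__ == "__main__":
    for hit in suspicious_tunnels(SAMPLE_LOG):
        print(hit)
```

With the threshold raised to eight hours the constructed 7.75-hour session is no longer reported, which is the trade-off point 3 describes.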

