Re: SSH tunneling/port forwarding and stateful packet inspection

From: Darren Dunham (ddunham_at_redwood.taos.com)
Date: 02/26/04

• Next message: Darren Tucker: "Re: SSH tunneling/port forwarding and stateful packet inspection"
• Previous message: Darren Tucker: "Re: Proposed enhancement to scp"
• In reply to: steve: "Re: SSH tunneling/port forwarding and stateful packet inspection"
• Next in thread: Richard E. Silverman: "Re: SSH tunneling/port forwarding and stateful packet inspection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 25 Feb 2004 23:59:01 GMT

steve <steph19731@yahoo.com> wrote:
> The scenario is this - point A - a machine running an ssh clinet that
> is tunneling via port 443 to point B - a server running an ssh server
> on port 443.

You did this by running the ssh server on port 443, and then ran a ssh
client to explicitly contact it on port 443? Are you doing this to go
through a firewall that doesn't have port 22 open?

> Point A - the client is using ghe tunnel to port forward
> terminal service traffic. My question was, why doesnt the firewall
> pick this up in SPI because it is not really sll traffic. However, in
> doing a packet trace, I saw that the header of the packet really is
> ssl traffic, but the actual port 3389 (term server) traffic a)
> encrypted and b) encapsulated. So as far as teh SPI functionality of
> the firewall is concerned, it is SSL traffic.

It's on port 443. That may be all the firewall is looking at to
consider it SSL traffic. It's still an SSH protocol.

What did you see in the header to determine that it is ssl traffic?

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

• Next message: Darren Tucker: "Re: SSH tunneling/port forwarding and stateful packet inspection"
• Previous message: Darren Tucker: "Re: Proposed enhancement to scp"
• In reply to: steve: "Re: SSH tunneling/port forwarding and stateful packet inspection"
• Next in thread: Richard E. Silverman: "Re: SSH tunneling/port forwarding and stateful packet inspection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages PuTTY terminate on open Alteon Director - Contains packet dump (LONG POSTING) ... Using SSH protocol version 1 ... I have also tried multiple different protocol settings and bugs ... Header checksum: 0xbdc1 ... Transmission Control Protocol, Src Port: 2759, Dst Port: ssh ... (comp.security.ssh) RE: ssh attempts ... Change the port to something different than port 22. ... Subject: Re: ssh attempts ... > forget the excellent iptables firewall you probably already have on ... >>> Computer Emergency Response Teams, ... (Security-Basics) Re: Reverse Shell? ... >> behind a firewall so I can't ssh into their computer. ... > follow the tunnel back to their machine and then help them. ... Connections to that port will be forwarded through the ... (Debian-User) RE: Tunneling over ssh with termination by the FW ... I would use something like Putty (ssh client software) to open a secure ... tunnel with the firewall. ... If the firewall has the sshd running on port ... (SSH) Re: need help for setting SSH Server for Windows XP ... In my windows firewall proper ports are opened. ... Changing from port 22 to ports 80, 443 also doesn't give any results. ... static LAN IP of the server PC. ... It is *NOT* a valid test to call the SSH server PC from another ... (microsoft.public.windowsxp.work_remotely)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint