Re: SSH tunneling/port forwarding and stateful packet inspection

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 02/26/04

  • Next message: Richard E. Silverman: "Re: SSH tunneling/port forwarding and stateful packet inspection" 
    Date: Wed, 25 Feb 2004 23:57:06 +0000 (UTC)

    In article <41e63564.0402251544.2ddb9ee6@posting.google.com>,
    steve <steph19731@yahoo.com> wrote:
    >
    >My terminology is not mixed up. According to my packet trace, because
    >I have reconfigured SSH to run over port 443 the trace shows it as SSL
    >traffic. Of course the contents are encrypted. This is my whole
    >conclusion why the stateful packet inspection capabilities of the
    >firewall do not blow it going outbound.

    A firewall could easily stop this by looking at the first few bytes sent
    by the server, and killing the connection if those bytes are "SSH-"

    It works now because most firewalls either don't have the capability to
    "peek" into the packets, or don't do it for port 443.

    >Because to it, it is just an
    >SSL packet encapsulating SSH data, which of course is encrypted.

    It's not an SSL packet encapsulating anything. It's just an SSH
    connection on port 443. Your packet trace tool just can't tell the
    difference. 

    -- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
  • Next message: Richard E. Silverman: "Re: SSH tunneling/port forwarding and stateful packet inspection"

    Relevant Pages

    • Re: SSH tunneling/port forwarding and stateful packet inspection
      ... >> layer of a packet and based on the known patterns of that packet, ... My solution around firewalls has always been to run SSH over port 443 ... They are using a "Raptor" firewall that apparantly as its ...
      (comp.security.ssh)
    • Re: SSH tunneling/port forwarding and stateful packet inspection
      ... >> It's not an SSL packet encapsulating anything. ... It's just an SSH ... >> connection on port 443. ... dst port) connection is really SSH. ...
      (comp.security.ssh)
    • Re: SSH tunneling/port forwarding and stateful packet inspection
      ... According to my packet trace, ... > which is the well-known port for HTTP over SSL. ... packet carrying "anything that says SSH" - this is plain ridiculous). ...
      (comp.security.ssh)
    • nat in linux kernel
      ... Good morning i'm Giacomo From Italy ... original port in pre and changed port in input. ... the problem is that packet seems to disappear: it does not enter the output ... ssh is listening. ...
      (comp.os.linux.networking)
    • Re: nat in linux kernel
      ... > Good morning i'm Giacomo From Italy ... > original port in pre and changed port in input. ... > the problem is that packet seems to disappear: it does not enter the output ... > ssh is listening. ...
      (comp.os.linux.networking)