Re: corporate firewall from an end user prospective

To: debian-user@lists.debian.org
Subject: Re: corporate firewall from an end user prospective
From: Juan Sierra Pons <juan@elsotanillo.net>
Date: Fri, 9 Sep 2011 07:26:05 +0200
Message-id: <[🔎] CABS=y9vf4MM5L=zH3AoAUyF9Ru0X-+r19vBq0K=EYTikvpz6Cw@mail.gmail.com>
In-reply-to: <[🔎] j4c2sj$4iq$1@dough.gmane.org>
References: <[🔎] j4c2sj$4iq$1@dough.gmane.org>

Hi  T o n g,

The "best practice" is deny all ports and open only needed outgoing ports.
For a standard company only 80, 8080 for http and 443 for https should
be opened.

if you wanna know which outgoing ports are open you will need a
machine outside with some ports opened and make some try and error.

Quick & Dirty:
external.machine: nc -l 3000
internal.machine: nc external.machine 3000

And see if the socket is opened

Anyway if you wanna have ssh and ftp connection you can try to
tunnelling ssh over https and ftp over https. There are some good
howtos on this subject on the internet.  I personally wrote one,
written in "correct" Spanish:
<mode spam=on>
http://www.elsotanillo.net/2006/08/howto-como-saltarse-un-proxy-para-establecer-conexiones-tunelizadas-a-traves-de-el-2/
</mode spam=on> :-)

Good luck!

Regards

Juan

--------------------------------------------------------------------------------------------------------------
Juan Sierra Pons                         | juan@elsotanillo.net
Linux User Registered: #257202    | http://www.elsotanillo.net
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------------------------------

2011/9/9 T o n g <mlist4suntong@yahoo.com>:
> Hi,
>
> The place that I work now block standard outbound ssh (and ftp) port
> connections. I'm wondering, for a "standard" corporate firewall practice,
> do they selectively block outbound ports, or do they selectively open
> them.
>
> >From an end user prospective, is there any way I can know which outbound
> port is not blocked that I can make use of?
>
> Thanks
>
> --
> Tong (remove underscore(s) to reply)
>  http://xpt.sourceforge.net/techdocs/
>  http://xpt.sourceforge.net/tools/
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] j4c2sj$4iq$1@dough.gmane.org">http://lists.debian.org/[🔎] j4c2sj$4iq$1@dough.gmane.org
>
>

Reply to:

References:
- corporate firewall from an end user prospective
  - From: T o n g <mlist4suntong@yahoo.com>

Prev by Date: corporate firewall from an end user prospective
Next by Date: Xfce not locking screen on suspend
Previous by thread: corporate firewall from an end user prospective
Next by thread: Re: corporate firewall from an end user prospective
Index(es):
- Date
- Thread