[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sneaking past firewalls: ssh on port 23 or 80?

On Mon, Dec 15, 2003 at 02:56:06PM -0800, Nunya wrote:
| As I think about getting a job, I realize wherever next will probably 
| block outgoing traffic on most ports.
| I always thought I could have ssh listen on some port which gets through 
| like FTP port or HTTP port to bypass all those restrictions.
| Two obvious, unavoidable problems will be: my employer probably won't 
| want me wasting bandwidth and opening a security hole.
| (1) Will it work and

Yes.  I use port 23 now because 22 is forwarded to my roommate's

| (2) is it opening a security hole?

Define "security hole".  :-).  Well, you're bypassing the restrictions
in place, so the admins responsible for the corporate network may not
appreciate it.  Using ssh-tunneling you can create arbitrary TCP
connections between your home network and the network your work
machine is on.  It's a way through the defenses, much like getting a
pass from the general will let you walk past the scouts at the border
of camp.  I do stuff like that all the time here, in part so I can
print and display stuff back and forth (either way, work->home or
home->work).  However, my employer doesn't mind.  I use tunnelling
just to bypass the technical limits of a single IP address and NAT.

| What are the workarounds?  I guess I could live in a Ricochet city and 
| use my own laptop not plugged into the company .net.
| Does anybody have any thoughts?

You have to check with your (potential) employer(s) and find out what
they do and do not allow.


If your company is not involved in something called "ISO 9000" you
probably have no idea what it is.  If your company _is_ involved in ISO
9000 then you definitely have no idea what it is.
                                (Scott Adams - The Dilbert principle)
www: http://dman13.dyndns.org/~dman/            jabber: dman@dman13.dyndns.org

Attachment: pgpNYe89ORQjf.pgp
Description: PGP signature

Reply to: