
Re: Sneaking past firewalls: ssh on port 23 or 80?



On Mon, Dec 15, 2003 at 02:56:06PM -0800, Nunya wrote:
| As I think about getting a job, I realize wherever next will probably 
| block outgoing traffic on most ports.
| 
| I always thought I could have ssh listen on some port which gets through 
| like FTP port or HTTP port to bypass all those restrictions.
| 
| Two obvious, unavoidable problems will be: my employer probably won't 
| want me wasting bandwidth and opening a security hole.
| 
| (1) Will it work and

Yes.  I use port 23 now because 22 is forwarded to my roommate's
machine.

| (2) is it opening a security hole?

Define "security hole".  :-).  Well, you're bypassing the restrictions
in place, so the admins responsible for the corporate network may not
appreciate it.  Using ssh-tunneling you can create arbitrary TCP
connections between your home network and the network your work
machine is on.  It's a way through the defenses, much like getting a
pass from the general will let you walk past the scouts at the border
of camp.  I do stuff like that all the time here, in part so I can
print and display stuff back and forth (either way, work->home or
home->work).  However, my employer doesn't mind.  I use tunnelling
just to bypass the technical limits of a single IP address and NAT.

| What are the workarounds?  I guess I could live in a Ricochet city and 
| use my own laptop not plugged into the company .net.
| 
| Does anybody have any thoughts?

You have to check with your (potential) employer(s) and find out what
they do and do not allow.

-D

-- 
If your company is not involved in something called "ISO 9000" you
probably have no idea what it is.  If your company _is_ involved in ISO
9000 then you definitely have no idea what it is.
                                (Scott Adams - The Dilbert principle)
 
www: http://dman13.dyndns.org/~dman/            jabber: dman@dman13.dyndns.org
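
An added example, not part of the original message: because ssh answers with the same protocol banner on port 23 or 80 as it does on 22, a network admin can spot it by what the server says rather than by port number. The flow records, field names and addresses below are constructed for illustration.

```python
import re

# RFC 4253 sec. 4.2: each peer opens with "SSH-protoversion-softwareversion",
# possibly after other text lines, so match at any line start (re.M).
SSH_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)", re.M)

def ssh_ident(payload):
    """Return (protoversion, softwareversion) if payload carries an SSH banner."""
    m = SSH_IDENT.search(payload[:512])  # the banner arrives in the first bytes
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def find_offport_ssh(flows, expected_ports=frozenset({22})):
    """Flag flows whose server speaks SSH on a port where it is not expected."""
    hits = []
    for f in flows:
        ident = ssh_ident(f["server_bytes"])
        if ident and f["dport"] not in expected_ports:
            hits.append((f["src"], f["dst"], f["dport"]) + ident)
    return hits

# Constructed sample: first bytes sent by the server on each outbound flow.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dport": 22,
     "server_bytes": b"SSH-2.0-OpenSSH_3.7.1p2\r\n"},           # ssh where expected
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dport": 23,
     "server_bytes": b"SSH-2.0-OpenSSH_3.7.1p2\r\n"},           # ssh on the telnet port
    {"src": "10.0.0.6", "dst": "192.0.2.10", "dport": 23,
     "server_bytes": b"\xff\xfd\x18\xff\xfd\x20"},              # real telnet negotiation
    {"src": "10.0.0.8", "dst": "192.0.2.20", "dport": 80,
     "server_bytes": b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"},  # real HTTP
    {"src": "10.0.0.9", "dst": "198.51.100.7", "dport": 80,
     "server_bytes": b"Welcome\r\nSSH-1.99-OpenSSH_3.7.1p2\r\n"},    # text before banner
]

if __name__ == "__main__":
    for hit in find_offport_ssh(SAMPLE_FLOWS):
        print("SSH on unexpected port: %s -> %s:%d (SSH-%s, %s)" % hit)
```

Banner matching only sees ssh that is sent directly over TCP; a session wrapped inside another protocol shows that protocol's opening bytes instead.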
