Re: Sneaking past firewalls: ssh on port 23 or 80?

To: debian-user@lists.debian.org
Subject: Re: Sneaking past firewalls: ssh on port 23 or 80?
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Tue, 16 Dec 2003 23:33:03 -0800
Message-id: <[🔎] 20031217073303.GF17370@ix.netcom.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20031215225606.GA15618@comcast.net>
References: <[🔎] 20031215225606.GA15618@comcast.net>

on Mon, Dec 15, 2003 at 02:56:06PM -0800, Nunya (31210.nospam@comcast.net) wrote:
> As I think about getting a job, I realize wherever next will probably 
> block outgoing traffic on most ports.
> 
> I always thought I could have ssh listen on some port which gets through 
> like FTP port or HTTP port to bypass all those restrictions.
> 
> Two obvious, unavoidable problems will be: my employer probably won't 
> want me wasting bandwidth and opening a security hole.
> 
> (1) Will it work and 

Maybe.

> (2) is it opening a security hole?

Yes.

> What are the workarounds?  I guess I could live in a Ricochet city and 
> use my own laptop not plugged into the company .net.
> 
> Does anybody have any thoughts?

Sure:

  - What's policy at this location?  Is violation of policy a firing
    offense?  Is there criminal or civil liability?  The point is:
    while it's _technically_ possible to bypass a great many security
    measures, the consequences of doing so may be high.   What does your
    contract or employment agreement say to this?

  - Do you really want to run ssh from an untrusted system?  Your
    workplace system may be running spyware or monitoring software
    either for employee monitoring purposes, or because it's been
    compromised itself.  Password sniffing is a popular route to system
    compromise.

  - Do you want to be the point man for any network hiccups or security
    questions.  By this, I mean the man everyone points to.  Depending
    on the technical savvy of the employer, you may find that as "the
    guy doing weird stuff", you're the usual suspect for anything that
    happens -- network problems, worms, data coming in, data going out,
    etc.  There's also the question of what you're doing with your time
    on the job.
  
  - What are your (other) alternatives?

I'd seek clarification from the employer before doing anything of this
nature.  You're opening a hole through which data can move in and/or
out, outside of their control.  While a large number of shops have few
problems with this, so long as use is reasonable and sane, others do.

Other options include forwarding critical mail to your work account, a
third-party webmail account, or hosting your own remotely-accessible
mail.  Or buy yourself a handheld system (e.g.:  Zaurus) with wireless
support and get your email fix from a hotspot on your breaks.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
  Backgrounder on the Caldera/SCO vs. IBM and Linux dispute.
      http://sco.iwethey.org/

Attachment: pgp_UoByqVWrL.pgp
Description: PGP signature

Reply to:

References:
- Sneaking past firewalls: ssh on port 23 or 80?
  - From: Nunya <31210.nospam@comcast.net>

Prev by Date: Re: OT-Make more noise.
Next by Date: Re: ASUS A7N8X Deluxe Questions
Previous by thread: Re: Sneaking past firewalls: ssh on port 23 or 80?
Next by thread: RE: Sneaking past firewalls: ssh on port 23 or 80?
Index(es):
- Date
- Thread