Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Why not just use SSH?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Why not just use SSH?
Authored by: TheGS on Aug 12, '05 12:31:27PM

The very first paragraph in the post mentions that all of ports (in or out) are blocked, except for http and https routed through a proxy. I would assume that this means that the ssh port (22) is also blocked and ssh tunneling can't be used unless first tunneled through port 80 or 443 (and through their mandatory proxy).



[ Reply to This | # ]
Why not just use SSH?
Authored by: Anonymous on Aug 12, '05 09:00:33PM

SSH can run on any port. 80, 443, whatever. 22 isn't a law.



[ Reply to This | # ]
Why not just use SSH?
Authored by: masonbrown on Aug 13, '05 05:43:18PM
SSH can run on any port. 80, 443, whatever. 22 isn't a law.

That may have been enough back in 2001, but today only the simplest of simple firewalls just passes anything through port 80 and 443 when they're allowed outbound. Almost every firewall available will inspect the traffic, ensure that it conforms to defined HTTP RFPs, and can selectively filter / reject / rewrite specific HTTP commands (such as the HTTP CONNECT command). Anything that falls beyond the allowed HTTP commands and doesn't conform to strict RFC standards will be at least dropped, but will also likely alert the administrators to a possible attack. Out-of-spec traffic trying to hide on port 80 is something typical of spyware, virii, etc. and therefore is considered a significant security issue. The firewall will raise all kinds of flags to alert the administrators.

[ Reply to This | # ]
Why not just use SSH?
Authored by: david-bo on Aug 17, '05 06:04:31PM

There are several SSH-implementations that supports http-proxies. I usually use Mindterm from Mindbright (they have changed their name but I can't recall it). It even runs as an applet in a browser. Since it does not support dynamic ssh tunnels you have to add a proxy server on the other end of the ssh tunnel but that is easy.

---
http://www.google.com/search?as_q=%22Authored+by%3A+david-bo%22&num=10&hl=en&ie=ISO-8859-1&btnG=



[ Reply to This | # ]