Why not just use SSH?
Authored by: masonbrown on Aug 13, '05 05:43:18PM
SSH can run on any port. 80, 443, whatever. 22 isn't a law.

That may have been enough back in 2001, but today only the simplest of simple firewalls just passes anything through port 80 and 443 when they're allowed outbound. Almost every firewall available will inspect the traffic, ensure that it conforms to defined HTTP RFCs, and can selectively filter / reject / rewrite specific HTTP commands (such as the HTTP CONNECT command). Anything that falls beyond the allowed HTTP commands and doesn't conform to strict RFC standards will be at least dropped, but will also likely alert the administrators to a possible attack. Out-of-spec traffic trying to hide on port 80 is something typical of spyware, viruses, etc. and therefore is considered a significant security issue. The firewall will raise all kinds of flags to alert the administrators.

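A sketch of the first-bytes check masonbrown's comment describes, added here as an example and not code from the thread or from any firewall product. It looks only at the opening bytes a client sends on an HTTP port; the method allowlist, function name and sample payloads are constructed assumptions.

```python
import re
from typing import Tuple

# Illustrative egress policy (an assumption): CONNECT is deliberately absent.
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

# HTTP request line: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"([!#$%&'*+\-.^_`|~0-9A-Za-z]+) (\S+) HTTP/(\d)\.(\d)")


def classify_first_bytes(data: bytes) -> Tuple[str, str]:
    """Return (verdict, reason) for the first client bytes seen on port 80."""
    # RFC 4253 section 4.2: an SSH peer opens with "SSH-protoversion-softwareversion".
    if data.startswith(b"SSH-"):
        return "alert", "SSH identification string on an HTTP port"
    line, sep, _ = data.partition(b"\r\n")
    if not sep:
        return "alert", "no CRLF-terminated request line"
    match = REQUEST_LINE.fullmatch(line)
    if match is None:
        return "alert", "first line is not an HTTP request line"
    method = match.group(1).decode("ascii")
    if method not in ALLOWED_METHODS:
        return "reject", f"method {method} not permitted by policy"
    return "allow", f"{method} request"


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "ssh": b"SSH-2.0-OpenSSH_4.1\r\n",
    "connect": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    "binary": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify_first_bytes(payload))
```

A real inspecting firewall reassembles the TCP stream and validates headers and bodies as well; this covers only the opening line.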
Why not just use SSH?
Authored by: david-bo on Aug 17, '05 06:04:31PM

There are several SSH implementations that support HTTP proxies. I usually use Mindterm from Mindbright (they have changed their name but I can't recall it). It even runs as an applet in a browser. Since it does not support dynamic SSH tunnels, you have to add a proxy server on the other end of the SSH tunnel, but that is easy.

