Re: two questions about ssh tunneling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Tudod Ki wrote:
> if I:
> 
> ssh -fND localhost:6000 somebody@xxxxxxxxxxxx -p PORTNUMBER
> 
> from computer "A" to computer "B" [B = 192.168.56.5] then I can set the 
> SOCKS proxy for e.g.: Firefox to use "localhost:6000" on computer "A". 
> Ok. I can surf the web through "B".
> 
> But:
> - Can anyone sniff the traffic of "A"? [e.g.: computers on same subnet 
> as "A"] Like DNS requests? - I think no, but I'm not sure :O

The packets between A and B will be be visible only as encrypted ssh 
packets.  DNS lookups will depend on the client socks protocol.  Socks4 
did the lookups on the client and was extended as socks4a to do dns on 
the server.  Socks5 lets the server handle dns.

> - Can anyone sniff the traffic of computer "B"? e.g.: B computer is at a 
> server farm [others in the farm can see the traffic?] - I think yes, but 
> I'm not sure :O

The A-B connection will appear here as well, as encrypted ssh packets. 
The proxied outbound connections will be unencrypted but will appear to 
originate from B.  If you are the only one connected it wouldn't be too 
hard to deduce what is going on - and the packets will mostly correspond 
one for one timing wise.  So, the connection wouldn't be obvious, but I 
wouldn't count on not getting caught if you are doing something illegal.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux