Re: Tunneling other protocols over TCP port 80

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Bruno,

Hope you do not really mind my asking about site policy before stepping into the fire. The man page for sshd is a good place to start; you'll find you can add a -p port setting to the startup of sshd, and I'm sure there is a setting in the sshd_conf files for a binding port, in your case 80. Then a quick look over the man page for ssh will show that you'll also need to tell the client <ssh> via the -p option which port to look for the sshd on at the far end you are trying to reach. Make sure the sec admin is aware of this bypass tunnel and put in sshd/tcpd options to limit connections to only those that would use this tunnel; it will be found by those scanning nets for entry points, so do not rely upon the obscurity through security methods that some feel warm and fuzzy with.

Thanks,

Ron DuFresne

On Tue, 21 Jun 2005, Bruno Negrão wrote:

Hi Ron,

Thanks for the warning. Actually, we already tried to create a PPTP VPN from that client to my gateway server, but the remote network administrator couldn't manage his equipment to let the appropriate packages pass. (He doesn't understand GRE no way.)

I will inform him we're setting up this new vpn tunnel. I just don't want to ask him to move, since he doesn't have the skills to make it.

Damon, thanks for the note on the ssh tunnel. Can you point me to a document to look for this kind of configuration?

Regards,
Bruno.

----- Original Message ----- From: "R. DuFresne" <dufresne@xxxxxxxxxxx>
To: "Damon Gray" <dgray@xxxxxxxxxxxx>
Cc: "Bruno Negrão" <vpopmail@xxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, June 21, 2005 4:49 PM
Subject: Re: Tunneling other protocols over TCP port 80


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 21 Jun 2005, Damon Gray wrote:


Bad security policies aside.... :)

You could always run the telnet server on port 80. Or run netcat (aka nc) on
the box on port 80 redirecting to port 23.


He could, if he wanted to really violate the policies in place and tunnel
traffic in the clear.  He's actually asking about something that would be
deemed a tad more secure/private in nature, though still likely a
violation of the security policies currently in place and thus subjecting
himself to likely termination once the tunnel was discovered, let alone
potential prosecution.


Thanks,

Ron DuFresne


On Tue, 21 Jun 2005, Bruno Negrão wrote:

Hi guys,

I need to create a VPN to my linux server from a remote
workstation (windows) inside a private network of another company. The LAN
where the workstation is located is protected by a firewall. This firewall
only lets pass through outgoing traffic to port 80 (http).

I need this workstation to telnet to a telnet server inside my private
network. Is it possible to set up a tunnel over port 80 to create a VPN
between the workstation and my gateway, so that the workstation can telnet
to my internal server?

The network administrator where this workstation is located is
inaccessible, so I have to create this workaround.

Thank you,
-------------------------------------------------
Bruno Negrao - Support Analyst
Engepel Teleinformática. 55-31-34812311
Belo Horizonte, MG, Brazil



- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCuG9Yst+vzJSwZikRAgeQAJkBQRMIkhqTvT9XAUU5Ri5e+ybzigCgzXEA
AvPSv6yw4Em98204pnSEhWk=
=iaYC
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCuHaust+vzJSwZikRAhHJAKC4E3417lftYHwisbY7KbhVfVFeEQCfdnGs
yvVGLpRTOVFmv6xtdJPCJhY=
=D4XD
-----END PGP SIGNATURE-----
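
Ron's warning that a service moved to port 80 "will be found by those scanning nets" holds on the firewall side too, because the first bytes of a connection give the protocol away. The following is an added example, not code from any poster in this thread: a Python check that labels the first payload segment of a port-80 flow as HTTP, SSH (the RFC 4253 identification string) or telnet (IAC option negotiation). The function names and the sample flows are constructed for illustration.

```python
"""Label the first payload bytes of TCP/80 flows (added example, constructed data)."""

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")
TELNET_IAC = 0xFF                         # telnet "Interpret As Command" byte
TELNET_VERBS = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT


def classify_first_bytes(payload: bytes) -> str:
    """Return 'http', 'ssh', 'telnet', 'empty' or 'unknown' for a first segment."""
    if not payload:
        return "empty"
    # HTTP first, so a header or body line that happens to start "SSH-" is not misread.
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/"):
        return "http"
    # RFC 4253 lets a server send other lines before "SSH-protoversion-...".
    if any(line.startswith(b"SSH-") for line in payload.split(b"\n")):
        return "ssh"
    # Telnet option negotiation opens with IAC followed by WILL/WONT/DO/DONT and an option.
    if len(payload) >= 3 and payload[0] == TELNET_IAC and payload[1] in TELNET_VERBS:
        return "telnet"
    return "unknown"


def non_http_on_port_80(flows):
    """Return (src, dst, verdict) for port-80 flows whose first bytes are not HTTP."""
    findings = []
    for src, dst, dport, first in flows:
        if dport != 80:
            continue
        verdict = classify_first_bytes(first)
        if verdict not in ("http", "empty"):
            findings.append((src, dst, verdict))
    return findings


# Constructed sample: (source, destination, destination port, first payload segment).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("192.0.2.11", "198.51.100.7", 80, b"SSH-2.0-OpenSSH_3.9p1\r\n"),
    ("192.0.2.12", "198.51.100.8", 80, b"\xff\xfd\x18\xff\xfd\x20"),
    ("192.0.2.13", "198.51.100.9", 22, b"SSH-2.0-OpenSSH_3.9p1\r\n"),
]

if __name__ == "__main__":
    for finding in non_http_on_port_80(SAMPLE_FLOWS):
        print(finding)
```
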
