Regards,
---------------------
From: Bernard Hoffman [mailto:bhoffman@xxxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 11:04 AM
To: security-discuss@xxxxxxxxxxxxxxxxx
Subject: SSH thru HTTP? Sounds backwards.
Hello all.
A colleague asked me a question that I was unable to answer, so I thought one of you might be able to help.
He asked me "is it possible for someone inside my organization to twart security by ssh tunneling thru my HTTP proxy server to a destination SSH server listening on port 80". I don't know what http proxy he's running and we didn't talk about SSL or 443 proxy - I'm assuming the same rules would apply.
My initial reaction was "no, it's not a hole", but then I thought about some "less intelligent" proxies that don't inspect packet content... and that was the end of my expertise.
Is it possible? or better question, is it
likely?
-=Berns
------
Bernard Hoffman
Captive
Capital Corp. (f.k.a. eMarket Capital, Inc.)
http://www.captivecorp.com