RE: SSH thru HTTP? Sounds backwards.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: SSH thru HTTP? Sounds backwards.
    Sounds like they may be doing like an stunnel type of thing. This would be SSL tunneling. They may also be using httport or a util like that, it cruises right thru proxies and i dont believe your required to do SSL.
      
    Also id verify you dont allow outbound SSH, as that would be the easiest/fastest/cleanest way to get tunneled home ;)
       
    Does not seem to be allot you can do about it other than try to detect it and add a rule to your proxy/content filters to block their end point. In any case detection with IDS coupled with a enforceable security policy may be your best bet. 
 

Regards,
---------------------
Jared Bergeron

 

 

 


From: Bernard Hoffman [mailto:bhoffman@xxxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 11:04 AM
To: security-discuss@xxxxxxxxxxxxxxxxx
Subject: SSH thru HTTP? Sounds backwards.

Hello all.

A colleague asked me a question that I was unable to answer, so I thought one of you might be able to help.

He asked me "is it possible for someone inside my organization to twart security by ssh tunneling thru my HTTP proxy server to a destination SSH server listening on port 80".  I don't know what http proxy he's running and we didn't talk about SSL or 443 proxy - I'm assuming the same rules would apply.

My initial reaction was "no, it's not a hole", but then I thought about some "less intelligent" proxies that don't inspect packet content... and that was the end of my expertise.

Is it possible?  or better question, is it likely?
-=Berns


------
Bernard Hoffman
Captive Capital Corp.  (f.k.a. eMarket Capital, Inc.)
http://www.captivecorp.com




[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux