Yes it is possible and they can bypass any proxies in the middle. Someone I know actually set that up so that their friend could bypass the restrictions of their ISP. A person can setup an Apache server as a proxy on a remote site and have it accept connections from the local interface: 127.0.0.1. Then someone who has an account on that server can ssh in like this: ssh -C -L 1080:127.0.0.1:80 <remote server> Then they can set their browser's proxy settings to: 127.0.0.1 port 1080 then anywhere they surf on the Internet will be over that SSH connection and through the remote server running the Apache proxy. They could also use a program like cgiproxy to bypass the proxy at their organization if they use SSL or use the same situation above. The way to catch it is to watch for continuous or frequent SSH streams to a remote server outside the user's organization. On Mon, 13 Oct 2003, Bernard Hoffman wrote: > Hello all. > > A colleague asked me a question that I was unable to answer, so I thought > one of you might be able to help. > > He asked me "is it possible for someone inside my organization to twart > security by ssh tunneling thru my HTTP proxy server to a destination SSH > server listening on port 80". I don't know what http proxy he's running and > we didn't talk about SSL or 443 proxy - I'm assuming the same rules would > apply. > > My initial reaction was "no, it's not a hole", but then I thought about some > "less intelligent" proxies that don't inspect packet content... and that was > the end of my expertise. > > Is it possible? or better question, is it likely? > -=Berns > > > ------ > Bernard Hoffman > Captive Capital Corp. (f.k.a. eMarket Capital, Inc.) > http://www.captivecorp.com > > > > -- duane while [ !sleep ] sheep++ ; // Articles and stuff http://www.sukkha.info ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message.
