> He asked me "is it possible for someone inside my organization to thwart
> security by ssh tunneling thru my HTTP proxy server to a destination SSH
> server listening on port 80". I don't know what http proxy he's running and
> we didn't talk about SSL or 443 proxy - I'm assuming the same rules would
> apply.

Either using httptunnel, to make all outbound traffic look like real HTTP access (requires an httptunnel server on the remote end) which will go happily through even an application gateway, or by just running an SSH server on the remote end on port 80 (sshd -p 80) and connecting to it that way (ssh -p 80 remote host) s.t. it may be allowed outbound by straight packet filters, etc.

See some pretty pictures at http://www.ifokr.org/bri/presentations/secureworld-2003/mgp00034.html

--
Brian Hatch                  "Do you understand
   Systems and                everything you say, sir?"
   Security Engineer         "Yes, if I listen
http://www.ifokr.org/bri/     attentively."

Every message PGP signed
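
A defender-side check for the second case in the reply above (an SSH server on port 80 that a straight packet filter allows outbound), as an added example that is not part of the original message: it classifies the first payload bytes of port-80 flows and reports those that are not HTTP. The flow tuples, function names and sample data are constructed assumptions; traffic wrapped by httptunnel is real HTTP and would not be flagged by this check.

```python
import re

# RFC 4253 section 4.2: identification string "SSH-protoversion-softwareversion"
SSH_BANNER = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")
# HTTP/1.x request line: method SP request-target SP HTTP-version
HTTP_REQUEST = re.compile(rb"^[A-Z]{3,10} [^ \r\n]+ HTTP/\d\.\d\r?\n")
# HTTP/1.x status line, for the server-to-client direction
HTTP_STATUS = re.compile(rb"^HTTP/\d\.\d \d{3}[ \r\n]")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first payload bytes of one direction of a TCP stream."""
    if not payload:
        return "empty"
    # A server may send other lines before its SSH banner, so check each line.
    for line in payload.split(b"\n")[:8]:
        if SSH_BANNER.match(line):
            return "ssh"
    if HTTP_REQUEST.match(payload) or HTTP_STATUS.match(payload):
        return "http"
    return "unknown"


def review_port80_flows(flows):
    """Return (flow_id, verdict) for every port-80 flow that is not HTTP."""
    findings = []
    for flow_id, dst_port, first_bytes in flows:
        if dst_port != 80:
            continue
        verdict = classify_first_bytes(first_bytes)
        if verdict != "http":
            findings.append((flow_id, verdict))
    return findings


# Constructed sample flows: (flow id, destination port, first bytes seen)
SAMPLE_FLOWS = [
    ("f1", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("f2", 80, b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),
    ("f3", 80, b"Welcome\r\nSSH-2.0-ExampleServer\r\n"),
    ("f4", 22, b"SSH-2.0-OpenSSH_3.6.1p2\r\n"),
    ("f5", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),
]

if __name__ == "__main__":
    for flow_id, verdict in review_port80_flows(SAMPLE_FLOWS):
        print(flow_id, verdict)
```
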