Security Basics mailing list archives

RE: ssh tunnelling


From: "Dave Falloon" <dave.falloon () analogda com>
Date: Thu, 25 Sep 2003 17:07:41 -0400

Wait, I am lost with your ssh command, specifically the local_host_IP. Do you
mean your machine's local IP, the remote machine's IP, or the remote
machine's loopback adapter 127.0.0.1?

If you put your local machine's IP as the destination host, you are
essentially asking the remote machine to forward any connections from your
local machine's end of the pipe (localhost:8000) out and back to your port
50000. That doesn't make a lot of sense to me, unless you had a web server
on port 50000 or something.

Here is an example I used to bypass the draconian firewalling I make my
users live with:

ssh -L8000:www.google.com:80 username@my_home_ssh_server.mydomain.net

Then you open this URL in your browser (Entourage chokes in OS X when you
connect to localhost for one of my clients, but Firebird handles it just
fine and so does old Mozilla 1.x):

http://localhost:8000/

and bingo, you are looking at Google through an ssh tunnel.

The thing to remember with ssh port forwarding is that the name resolution
happens at the remote host, which allows you to ssh to machines in private
networks as long as the remote machine can connect. Another fun trick is
forwarding the next server's port 22 to a local port:

ssh -L 2222:other_ssh_server:22 username@server.com

Then (connecting through the forwarded port 2222, not the local port 22):

ssh -L 2223:next_ssh_server:22 -p 2222 username@localhost

and so on and so on.

I hope that helps.

Dave

-----Original Message-----
From: Kampanellis John [mailto:ikampa () softlab ntua gr]
Sent: Friday, September 12, 2003 4:09 AM
To: security-basics () securityfocus com
Subject: ssh tunnelling


Hi!

I am about to write the security policy of a media group as part of my
internship.
Among other things I want to check their actual security.
The group uses Websense and PacketShaper, the first to prevent users from
visiting restricted sites and the second to "cut" applications such as
ICQ, P2P etc.

I thought that a good idea would be to create an SSH tunnel with the outside
world and try to pass the traffic through the tunnel, and check if that
enables me (or any user) to bypass the filters mentioned above in order to
use and visit restricted programmes and web sites respectively.

I try to do port forwarding:

ssh2 -L 8000:local_host_IP:50000 username@remotehost

Then I am not so sure what to do. For IE I declare my IP with port 8000 as
the proxy (for the example above). I did the same thing with MSN. However, it
doesn't seem to work.

Any ideas?
Thnx
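Dave's point that the destination is resolved and connected to by the far end of the ssh session (not by the local machine), and the chaining of forwards he describes, as an added example that is not part of this thread: it parses OpenSSH -L command lines, traces where each forward really ends, and checks a forward's destination against a simplified sshd PermitOpen list, which is the control an administrator has over exactly this use. The sample command lines are constructed from the thread (with the -p 2222 hop that Dave's second command needs), and the PermitOpen logic is a simplification of sshd's, not its code.

```python
import shlex

# Constructed sample: Dave's chain, with the -p 2222 that the second hop needs.
DAVE_CHAIN = ["ssh -L 2222:other_ssh_server:22 username@server.com",
              "ssh -L 2223:next_ssh_server:22 -p 2222 username@localhost"]

def parse_local_forward(cmdline):
    """Parse one ssh command carrying a -L [bind_address:]port:host:hostport forward."""
    args = shlex.split(cmdline)
    spec, ssh_port, target = None, 22, None
    it = iter(args[1:])
    for a in it:                      # accepts '-L8000:h:80' as well as '-L 8000:h:80'
        if a.startswith("-L"):
            spec = a[2:] or next(it)
        elif a.startswith("-p"):
            ssh_port = int(a[2:] or next(it))
        elif not a.startswith("-"):
            target = a                # user@host
    parts = spec.split(":")
    if len(parts) == 3:               # no bind address: ssh listens on loopback only
        parts = ["127.0.0.1"] + parts
    bind, port, host, hostport = parts  # raises ValueError on a malformed spec
    return {"bind": bind, "listen_port": int(port), "dest_host": host, "dest_port": int(hostport),
            "ssh_host": target.rpartition("@")[2], "ssh_port": ssh_port}

def session_endpoint(fwd, by_port):
    """Host where the session really ends: a session aimed at a local port that
    another -L forward listens on is carried through that forward."""
    if fwd["ssh_host"] in ("localhost", "127.0.0.1", "::1") and fwd["ssh_port"] in by_port:
        return by_port[fwd["ssh_port"]]["dest_host"]
    return fwd["ssh_host"]

def trace_forwards(cmdlines):
    """One line per forward: the session's far end, not the local machine, resolves and connects."""
    fwds = [parse_local_forward(c) for c in cmdlines]
    by_port = {f["listen_port"]: f for f in fwds}
    return ["%s:%d -> via ssh to %s, which resolves and connects to %s:%d"
            % (f["bind"], f["listen_port"], session_endpoint(f, by_port), f["dest_host"], f["dest_port"])
            for f in fwds]

def permit_open_allows(fwd, permit_open):
    """Simplified sshd PermitOpen check: entries 'none', 'any' or host:port ('*' = any port)."""
    for entry in permit_open:
        if entry in ("none", "any"):
            return entry == "any"
        host, _, port = entry.rpartition(":")
        if host == fwd["dest_host"] and port in ("*", str(fwd["dest_port"])):
            return True
    return False
```

Run trace_forwards on John's `ssh2 -L 8000:local_host_IP:50000 username@remotehost` and the output shows remotehost being asked to connect back to local_host_IP:50000, which is Dave's objection.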

