I've tried to tunnel ssh through our TIS FWTK http proxy, and I found that
while telnet can be made to work, ssh didn't like the extra data thrown at
it by the proxy.
Jon
At 12:32 PM 4/20/00 -0700, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>to answer the many comments about the ability to tunnel over other ports.
>
>Yes, it is possible to setup SSH on port 80, but if you are tunning a
>outbound HTTP proxy that is smart enough to only pass valid HTTP requests
>this is no longer possible.
>
>it is possible to tunnel through valid HTTP, mail, or anything that you
>allow, but by not allowing SSH I raise the difficulty of doing this, avoid
>providing the tools nessasary to do this, probably add to the
>inconvieniance of doing this (telnet does not tunnel well through HTTP,
>you can tunnel commands and their results, but it is not real-time
>interactive) and as a result hopefully raise the bar high enough that
>nobody bothers to go to that much work.
>
>Even with a good proxy, allowing https provides a way to tunnel through
>the firewall (if you tell the proxy what to do it will happily do it) but
>again it is raising the bar a bit.
-----------------------------------------------------------------
Jon Earle (613) 612-0946 (Cell)
HUB Computer Consulting Inc. (613) 830-1499 (Office)
http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
"God does not subtract from one's alloted time on Earth,
those hours spent flying." --Unknown
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
