Re: PuTTY woes at new job

Fri, 22 Feb 2008 11:59:50 -0800 

Lan Barnes wrote:

On Thu, February 21, 2008 10:37 pm, Neil Schneider wrote:

Lan Barnes wrote:

On Thu, February 21, 2008 4:03 pm, SJS wrote:

Then I think you're doomed. If they're forcing you to use a proxy
server, then they've presumably locked down all outgoing traffic from
your subnet except to the server(s).  (Incoming traffic too, but that's
only to be expected.)



Can I try the port 80 trick? "I'm just an innocent packet going out to
ping a return of very important ... umm .... MARKETING information --
yeah, that's the ticket -- marketing information from a web server I
know
in Point Loma."

If they are using a true proxy, which I think is likely, then you must use
http protocol out port 80. The point of an application proxy firewall in a
secure network environment is to do exactly what Stewart was suggesting,
examine every packet and make sure it's the right protocol for that
application. If it's not an http packet then you can't proxy it at the
application level, so it shouldn't work. That's why they're called
application
proxies. Proxy firewalls that are well managed, and by reports I hear
Sony's
are, are very difficult to bypass. If there's a proxy for it, that's the
default way to get out of that port. If there's no proxy, that port is
closed.

Josh alluded to using https port 443, which is probably a good plan. Since
it's already encrypted, and since you can't really proxy an ssl
connection,
it's more likely to slip past the egress filtering.

But, you have a second filter on your home ISP network. I believe the
cable
companies filter incoming 25, 80 and probably some other ports. I don't
recall
hearing if they filter 443.

So I would second Josh's advice. Run your sshd on port 443 and use that as
tunnel back to home. If that doesn't work, wait until you go home to read
email.



OK. I surrender (443 already tried).

I have learned. This is good. I know when to quit (the effort, not the
job). This, too, is good.

The thread may close for all of me.

I'll use IMAP for mutt at home, squirrelmail for reading from work, and
life is OK if not good.




What did Mark say??

rbw


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list

Reply via email to