Yeah, it's a bad idea for all these reasons... so try to find a phone line ;)

--- Mark Henderson <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 19, 2001 at 02:21:27PM -0500, Miles Purdy wrote:
> > Hi folks,
> >
> > I want to SSH from home to work, but I can't, I can't get through the
> > firewall, and I don't administer it. A while back I thought I read an article
> > (in Sysadmin?) where a guy set up a SSH server at HOME, and ssh'd out, on
> > port 80, from work to home, and was then able to use that tunnel at home to
> > administer his work machines. I can't find what I thought I read anywhere.
> > Will this even work?
>
> You'd probably want to use port 443 instead of port 80. Many
> firewalls try to do some sort of inspection of port 80 traffic (http
> transparent proxy). ssl traffic is usually necessarily passed without
> any modification or substantial inspection.
>
> It would, however, be possible to detect that sort of reverse tunnel
> by looking at traffic patterns. Keystrokes in interactive sessions
> usually generate certain size packets. Statistical analysis of packet
> sizes in each direction of long lived tcp sessions could be very
> interesting. There was a paper on detecting the _real_ nature of tcp
> connections, but not ssh reverse tunnels specifically, at USENIX
> security a couple of years ago.
>
> Of course, you could make this sort of approach harder by being more
> clever. Depends on how much work you want to do.
>
> If you are caught doing this sort of guerilla VPN-like thing and this is
> in violation of your employer's security policy (very likely) then
> your employer is well within its rights to fire you. No discussion
> needed - they could just escort you out the door.
>
> So ask yourself, is it really worth it?
>
> ---
> Mark Henderson, [EMAIL PROTECTED], [EMAIL PROTECTED]
> "Heilir æsir. Heilar ásynjur. Heil sjá in fjölnýta fold."
>   - Sigrdrífumál
> OpenPGP/GnuPG keys available at http://www.squirrel.com/pgpkeys.asc

=====
John van Vlaanderen
CXN, Inc.
Contact: [EMAIL PROTECTED]
Proud Sponsor of Perl/Unix of NY
http://puny.vm.com
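
The packet-size analysis described in the quoted message, sketched from the monitoring side as an added example (not part of either post and not from the USENIX paper it mentions). The flow record layout, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
# Assumed thresholds for illustration; tune against a baseline of your own traffic.
MIN_DURATION_S = 600      # what counts as a "long lived" TCP session
SMALL_PAYLOAD = 128       # bytes; roughly keystroke-sized encrypted records
MIN_SMALL_FRACTION = 0.8  # share of small packets required in each direction
MIN_PACKETS = 20          # ignore directions with too few samples

def direction_stats(packets, direction):
    """Return (packet count, small-packet fraction) for one direction."""
    sizes = [size for _, d, size in packets if d == direction and size > 0]
    if not sizes:
        return 0, 0.0
    small = sum(1 for s in sizes if s <= SMALL_PAYLOAD)
    return len(sizes), small / len(sizes)

def looks_interactive(packets):
    """packets: list of (timestamp_s, 'out' | 'in', payload_bytes) for one flow.

    Flags a flow only if it is long lived AND dominated by small packets in
    both directions, the pattern an interactive session tends to produce.
    """
    if not packets:
        return False
    times = [t for t, _, _ in packets]
    if max(times) - min(times) < MIN_DURATION_S:
        return False
    for direction in ("out", "in"):
        count, fraction = direction_stats(packets, direction)
        if count < MIN_PACKETS or fraction < MIN_SMALL_FRACTION:
            return False
    return True

def constructed_flows():
    """Constructed sample flows on port 443; not captured traffic."""
    interactive, bulk = [], []
    for i in range(60):  # one exchange every 20 s, about 20 minutes in total
        interactive += [(i * 20.0, "in", 48), (i * 20.0 + 0.05, "out", 48)]
        bulk += [(i * 20.0, "out", 400), (i * 20.0 + 0.1, "in", 1400)]
    # Small packets both ways, but the session lasts under a minute.
    short = [(float(i), "in" if i % 2 else "out", 48) for i in range(60)]
    return {"interactive": interactive, "bulk": bulk, "short": short}

if __name__ == "__main__":
    for name, flow in constructed_flows().items():
        print(f"{name:12s} flagged={looks_interactive(flow)}")
```

A flag from a heuristic like this is a reason to look at the flow, not proof of a tunnel; padding or batching on the sending side changes the size distribution, which is the "being more clever" caveat in the quoted message.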
