piercing corporate FW outbound
Chris Brenton
cbrenton at chrisbrenton.org
Fri Feb 6 13:09:52 EST 2004
On Fri, 2004-02-06 at 12:35, Michael ODonnell wrote:
>
> Two days after I started, though,
> the geniuses in the IT gang started blocking port 22
<snip>
> Anyway, until recently I've still been able to get
> through by having my home server answer on port
> 80, as well, but now the IT geniuses have started
> doing some sort of traffic- or packet-analysis and
> squelching my SSH connection attempts on port 80
I know you are upset because there is something you want to do and the
IT group is blocking you, but it sounds like they are doing a pretty
good job at locking down the perimeter. I would guess that is their job.
For the record, outbound SSH _can_ be a security risk. I've seen people use
it for everything from tunneling porn to avoid content checking, to
setting up a reverse 80/TCP connection so an internal private server was
exposed on a home cable network for anyone to access.
> How do they do that?
Content checking can be a wonderful thing. :)
> and what can I now do to obtain
> my promised access, short of soiling my network by
> bringing a Windows box in and running the officially
> blessed VPN client?
What is your business need for requiring outbound SSH? Why not work with
your boss to state your case and get the policy changed?
> Oh, I forgot to mention that there's a Nortel
> Contivity VPN rig involved, and they want me to go
> through that, and there's supposedly support for some
> Linux modules that allegedly work with it,
Probably a simple IPSec connection. You can use FreeSwan or it's built
right into the 2.6 kernel.
HTH,
C
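
One way a perimeter content check can spot SSH answering on port 80, as an added example that is not part of the original message and not a description of what this IT group actually runs: it labels each connection by its first payload bytes instead of its port number. The `EXPECTED` policy table, the function names and the sample flows are assumptions constructed for illustration.

```python
import re

# RFC 4253 section 4.2: each side opens with "SSH-<protoversion>-<softwareversion>".
# Other lines may precede it, so match at the start of any line.
SSH_IDENT = re.compile(rb"^SSH-\d+\.\d+-\S+", re.MULTILINE)
# HTTP/1.x request line or status line.
HTTP_START = re.compile(rb"^(?:[A-Z]+ \S+ HTTP/\d\.\d|HTTP/\d\.\d \d{3})")

# Assumed policy for this example: protocol permitted on each watched port.
EXPECTED = {80: "http"}


def classify(payload: bytes) -> str:
    """Label a TCP stream by the first bytes seen on it, ignoring the port."""
    head = payload[:512]
    if HTTP_START.match(head):
        return "http"
    if SSH_IDENT.search(head):
        return "ssh"
    return "unknown"


def find_mismatches(flows):
    """Return flows whose payload is not the protocol expected on that port."""
    hits = []
    for src, dst, port, payload in flows:
        seen = classify(payload)
        if port in EXPECTED and seen != EXPECTED[port]:
            hits.append((src, dst, port, seen))
    return hits


# Constructed sample flows (documentation addresses, made-up payloads).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("192.0.2.11", "198.51.100.7", 80, b"SSH-2.0-OpenSSH_3.7.1p2\r\n"),
    ("192.0.2.12", "198.51.100.9", 80, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.13", "198.51.100.7", 80, b"\x00\x01binary-noise"),
]

if __name__ == "__main__":
    for src, dst, port, seen in find_mismatches(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}:{port} carries {seen}, expected {EXPECTED[port]}")
```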