piercing corporate FW outbound

Derek Martin invalid at pizzashack.org
Fri Feb 6 15:24:39 EST 2004


Howdy!

On Fri, Feb 06, 2004 at 12:35:40PM -0500, Michael ODonnell wrote:
> Crap.  I accepted my current job with the
> understanding that I had a fairly secure home network
> (protected by [A] a firewall and [B] the total
> absence of Microsoft products) to which I expected
> to have access from work via SSH, and I was told
> "no problem".  

[SNIP]

> Anyway, until recently I've still been able to get
> through by having my home server answer on port
> 80, as well, but now the IT geniuses have started
> doing some sort of traffic- or packet-analysis and
> squelching my SSH connection attempts on port 80, too.
> How do they do that?  

There exist firewalls which can look at packet payloads to determine
if they conform to the protocol for which they are supposedly being
transmitted.  Your chums in the IT department are evidently using one.
If that's the case, and they don't want you to use SSH, and they're
not completely clueless, you're probably screwed.

> and what can I now do to obtain
> my promised access, short of soiling my network by
> bringing a Windows box in and running the officially
> blessed VPN client?

Well, as Kenny mentioned, you could run the Linux Contivity client.  I
personally never got it working, but then I also didn't try very hard,
because where I needed it I also had control over the firewall, and
had a perfectly excellent SSH connection.

Another option would be to complain to your boss and/or your IT
department, point out that it was agreed that you'd be able to use
this method of remote access, and if you're willing to go so far,
threaten to quit if they don't remedy the problem.

I have used this last tactic very effectively to get what I want on
two occasions recently.  Granted, my situation is MUCH different from
yours...

BTW, what /is/ your situation?  Is it top secret?  :)



-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience.  Thank the spammers.
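
The payload check described in the reply above, sketched from the firewall's side; this is an added example, not part of the original post. It compares the first client bytes of a flow with what the destination port is expected to carry. The port policy and the sample flows are constructed for illustration.

```python
import re

# SSH identification string, "SSH-protoversion-softwareversion" (RFC 4253, sec. 4.2).
SSH_IDENT = re.compile(rb"^SSH-\d\.\d+-[\x21-\x7e]+")
# HTTP/1.x request line: method, request target, version.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)

# Assumed policy for this example: protocol each destination port should carry.
EXPECTED = {22: "ssh", 80: "http", 443: "tls"}


def classify(first_bytes: bytes) -> str:
    """Name the protocol suggested by the first client payload of a TCP flow."""
    if SSH_IDENT.match(first_bytes):
        return "ssh"
    if HTTP_REQUEST.match(first_bytes):
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if first_bytes[:2] == b"\x16\x03":
        return "tls"
    return "unknown"


def inspect(dst_port: int, first_bytes: bytes) -> tuple[str, bool]:
    """Return (observed protocol, conforms to the port's expected protocol)."""
    observed = classify(first_bytes)
    return observed, EXPECTED.get(dst_port) == observed


# Constructed sample flows: (destination port, first client payload).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_3.7.1p2\r\n"),
    (22, b"SSH-2.0-OpenSSH_3.7.1p2\r\n"),
    (443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        observed, ok = inspect(port, payload)
        print(f"port {port}: looks like {observed}: {'pass' if ok else 'block'}")
```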
