35 Comments
- joel2600, on 10/12/2007, -0/+3 digg needs more articles like this. great info
- shimamoto, on 10/12/2007, -0/+1 OpenVPN is much better for this sort of thing, in my opinion.
Check out: http://www.digg.com/software/How_to_Configure_OpenVPN_on_a_Home_Network
- loginname, on 10/12/2007, -0/+1 @veamon:
You do know that this is not all about bypassing work stuff. I tend to use this setup when I'm connected to access points at cafes, or at a public library, or in a hotel.
It's not always about circumventing "the man". There are legitimate uses of this configuration.
- contentpig, on 10/10/2007, -0/+1 A lot of "business oriented" places don't allow outbound encrypted tunnels e.g. ipsec. But for some reason they all seem to allow https: out on 443.
- dazzla, on 10/12/2007, -0/+1 I do the same. However I use cygwin open SSH on a windows box and my own dynamic IP script with my domain hosted for free on zoneedit.com. Also I had to do SSH over port 443 rather than 22 as my employer has that blocked.
Using port 443 you're less likely to get noticed. Especially as all your traffic will be encrypted over a standard port used for HTTPS.
- fatb0b, on 10/12/2007, -0/+1 A better SSH client than Putty is Tunnelier ( http://www.bitvise.com/tunnelier.html ) it has sFTP built in so no need for a separate FTP client.
- odin, on 10/12/2007, -0/+1 meh, just use ssl explorer
- mmischke, on 10/12/2007, -0/+1 Bravo! I've been doing essentially the same thing via a Windows box running BitVise WinSSHD behind my home router. I run SSH on port 443, which prevents me from tunnelling HTTPS traffic, but allows me to get through even the most restrictive firewalls.
I've been tempted, but hesitant, to post the details of this on my own blog since I'm a contractor and some clients might not look favorably on my defeating their 'security'.
Like many of us, I need full 'Net access to do my job effectively. All too often, a Google search turns up a critical piece of techie info that happens to reside on a site that caters largely to gamers, and is blocked.
- superdave913, on 10/12/2007, -0/+0 Old news in my opinion...
http://www.grc.com/sn/notes-015.htm
http://www.dynamicis.com/~superdave/howtos/secure_web_browsing.htm
Important information though.
- RacerX, on 10/12/2007, -0/+0 This is exactly what I was looking for. Nice digg!!!!
- inactive, on 10/12/2007, -1/+1 So...instead of them seeing your traffic, they'll be seeing you bypassing the standards they have in effect, and still using their machines to access content they don't think is appropriate...let me know how the job hunting goes.
- Sparticuz, on 10/12/2007, -0/+0 Yeah...this one has a lot of acronyms in it ;-)
- toekneebullard, on 10/12/2007, -0/+0 You down with OPP?
- loginname, on 10/12/2007, -0/+0 Nope, I usually change my dns servers to 4.2.2.2 ;)
- inactive, on 10/12/2007, -0/+0 @loginname
"You do know that this is not all about bypassing work stuff. I tend to use this setup when I'm connected to access points at cafes, or at a public library, or in a hotel.
It's not always about circumventing "the man". There are legitimate uses of this configuration."
Right, I understood that, I took it as being able to 'cover your tracks', which people could use it for. I know at my work, port 22 is open, and could be used for this type of thing.
- donutz, on 10/12/2007, -0/+0 but you are still doing DNS requests using your employer's DNS server, right?
- Revco, on 10/12/2007, -0/+0 Creating a batch file to launch putty for you with needed info is also easy.
putty -D 8080 -P 443 -ssh your.domain.com
- pukeAndCry, on 10/12/2007, -0/+0 You would be doing DNS queries. I am generally concerned about protecting the content of what I'm surfing for not the URLs (i.e. not using it for porn). Anyhow, since you're on your home network you can change your DNS addresses as loginname mentioned... Or VPN in.
- loginname, on 10/12/2007, -0/+0 @dazzla:
Ditto on the zoneedit.com, except I have my WRT54G v4 running DD-WRT update my zoneedit.com account.
- loginname, on 10/12/2007, -0/+0 For a few years now, this is how I've been tunneling my HTTP when I'm on the road. The only difference is that I use a linux box at my house for my SSH session instead of my WRT54G v4.
Nice article!
I was kind of surprised that this was not mentioned on Security Now.
This works great in conjunction with firefox and proxy button.
http://proxybutton.mozdev.org/
- Gaferion, on 10/12/2007, -0/+0 same with loginname, I have been doing this also for a while except I use a linux box instead. OK article, but you don't NEED to have that router/firmware to get it to work. Just an old PC with linux and ssh installed ...
- Guspaz, on 10/12/2007, -0/+0 This in itself isn't anything special, but what I'd rather see is a tutorial for the opposite: SSH over HTTP.
TCP over HTTP specifically. There are already software solutions that do this. Essentially they just start up never ending GET and PUT/POST request for upstream/downstream. They then encapsulate the TCP packets and send them over the HTTP connection.
Why would anybody want to do this? Simple. It gets past any firewall. Even if the only internet connectivity you have is via an HTTP proxy, it still works, since it is HTTP traffic.
Once you have the TCP over HTTP tunnel up, then you can tunnel anything else over it. For example, you might want to tunnel SOCKS over it, which itself encapsulates ALL TCP internet traffic on a machine. This means that you could even use BitTorrent behind a firewall that blocks all connections except to the local HTTP proxy.
The problem, of course, is that there is a lot of overhead here. You've got the base layer TCP, on top of that you're putting HTTP, on top of that you're putting TCP, on top of that you're putting SOCKS, on top of that you're putting TCP. But the flexibility is worth it.
- volatileacid, on 10/12/2007, -0/+0 great tutorial, now for one that allows us to do the same for those who don't have a linksys router! i.e. from ssh tunnel from work to a windows box? Anyone know the easiest way?
- loginname, on 10/12/2007, -0/+0 @Revco:
Actually, if you save it as a profile in putty, you can launch it from a shortcut like this as well....
Just set your shortcut target like this
"C:\Documents and Settings\loginname\My Documents\putty.exe" -load "Home"
Adjust for the location of your putty.exe file of course.
- dazzla, on 10/12/2007, -0/+0 @volatileacid
Just install some kind of ssh server on the windows box. I use cygwin's ssh. This looks like a good guide to setting it up. Might even be the one I used.
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
- stoops, on 10/12/2007, -0/+0 Yea, this is a good article. My setup is similar, I have a WRT54GS connected in series to a FreeBSD machine with 2 nics which is connected to the internet. I haven't flashed DD-WRT on top of linksys yet (too scared) but freebsd runs my ssh server. And it's a good point, you can and should tunnel your DNS requests through the tunnel. Anyways, I found ssh tunneling much easier than openvpn (which I haven't got to work yet) and openssh 4.3 is gonna support vpn connections too. It's gonna be great
- CypherXero, on 10/12/2007, -0/+0 I just got finished creating a server tonight. It's running OpenBSD 3.8 with OpenSSH 4.3, and I use it to surf online (via a SOCKS5 proxy), so my passwords and everything I'm doing can't be seen by packet sniffing the traffic on the network. Great for school networks, cafes, hotels, and any other public internet access.
- spamdigger, on 10/12/2007, -0/+0 Finally I can surf porn while I'm at work without being hassled.
- mirak63, on 10/11/2007, -0/+0 "This in itself isn't anything special, but what I'd rather see is a tutorial for the opposite: SSH over HTTP."
There is better or in fact simpler. SSL is a cryptographic protocol used by SSH, and you know what?
SSL is also used by HTTPS protocol.
With a little program called proxytunnel http://proxytunnel.sourceforge.net/, you can ssh to any remote computer if the http proxy allows HTTPS, and of course every http proxy allows HTTPS.
So you can easily get a remote shell from any computer, or connect to a distant proxy, and better, openssh can act as a socks server, so if you set firefox with socks, you don't even need to install a proxy on your remote host.
Most of the time proxies don't allow port 22, so you just have to make your ssh server listen on 443, the HTTPS port.
What you are doing is undetectable, the only thing people can know is that you connect to the HTTPS port of a remote host, but since traffic is ssl encrypted they can't know what you are doing ...
- jaxun, on 10/12/2007, -0/+0 Is this more/less secure than using Hamachi or OpenVPN? Hamachi was so f**king easy to set up, I can't help but wonder if it stands up to this. SecurityNow seemed pretty enamored with it.
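Several comments above describe running an SSH server on port 443. As an added example (not code from the article or from any commenter), the following Python check shows what a network monitor can read from the first client bytes of such a flow: per RFC 4253 an SSH client opens with a cleartext "SSH-2.0-..." identification string, while an HTTPS client opens with a TLS ClientHello record. The flow tuples, flow ids and payloads are constructed sample data.

```python
"""Classify the first client-to-server bytes of TCP flows to port 443.

Added example; every flow below is constructed sample data.
"""

SSH_ID_PREFIX = b"SSH-"   # RFC 4253: client sends "SSH-2.0-..." in cleartext first
TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello


def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls' or 'other' for the first payload of a flow."""
    if payload.startswith(SSH_ID_PREFIX):
        return "ssh"
    # TLS record header: type(1) version(2) length(2), then handshake type(1)
    if (len(payload) >= 6 and payload[0] == TLS_HANDSHAKE
            and payload[1] == 0x03 and payload[5] == TLS_CLIENT_HELLO):
        return "tls"
    return "other"


def non_tls_on_443(flows):
    """Return (flow_id, label) for port-443 flows that do not open with TLS."""
    flagged = []
    for flow_id, dst_port, first_payload in flows:
        if dst_port != 443 or not first_payload:
            continue  # other ports, or no client data captured yet
        label = classify_first_bytes(first_payload)
        if label != "tls":
            flagged.append((flow_id, label))
    return flagged


# Constructed sample flows: (flow id, destination port, first client payload)
SAMPLE_FLOWS = [
    ("flow-1", 443, bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32),
    ("flow-2", 443, b"SSH-2.0-ExampleClient_1.0\r\n"),
    ("flow-3", 22, b"SSH-2.0-ExampleClient_1.0\r\n"),
    ("flow-4", 443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("flow-5", 443, b""),
]

if __name__ == "__main__":
    for flow_id, label in non_tls_on_443(SAMPLE_FLOWS):
        print(f"{flow_id}: port 443 but first bytes look like {label!r}")
```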
- FZero, on 10/12/2007, -1/+1 "HOWTO: Tunneling HTTP over SSH with DD-WRT, DynDNS and Putty"
Boy, that's an awful lot of acronyms in a title!
- AlexWilson, on 10/12/2007, -1/+0 Note: I tried this, and had to enable remote web admin access to the router before the SSHD could be accessed from outside.
- tdaddy11, on 10/12/2007, -2/+0 (superdave913)
OMG IT'S OLD NEWS! NNNNNNOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!! Throw it out 'cause it won't taste right or it'll make you sick.
- mogebier, on 10/12/2007, -2/+0 I read that title as "HOWTO: Tunneling blah blah over blah blah with blah blah, blah blah and blah blah"
tech-now-lo-gee is hard
- illegal_op, on 10/12/2007, -5/+0 I agree, but then people would just say "this crap again".
I love these kinds of articles though so +digg
__________________
http://www.leve1.com

