[ale] Overcoming the firewall...
James CE Johnson
jcej at tragus.org
Fri Aug 15 23:24:15 EDT 2003
Jonathan Rickman wrote:
>On Friday 15 August 2003 17:14, Jonathan Rickman wrote:
>
>
>>On Friday 15 August 2003 16:56, James CE Johnson wrote:
>>
>>
>>>Surely someone out there has been down a similar road at some point.
>>>Any suggestions will be met with much praise and admiration.
>>>
>>>
>>Honestly, it sounds like the firewall is mostly doing what it's meant to
>>do. I'd review your company security policy before going any further. You
>>might be headed into dangerous territory. Companies tend to make examples
>>out of people when security awareness is heightened during periods of
>>high activity, such as this week's episode of "As the Worm Turns."
>>
I'm not trying to defeat anyone's security. I sat with the head network
fellow and he said that he would be quite happy for me to use the HTTP
CONNECT method to get out through the firewall as long as I don't
dual-home the office box (and thus establish a network route between his
trusted network and my own). We didn't discuss this particular
configuration at the time because I wasn't aware of netcat and the like.
IMO piping netcat across an ssh tunnel is a lot more secure than the
'ssh -R ...' trick. With this approach I have a single-port,
host-to-host, non-routable mechanism that doesn't endanger the network
at either end.
>
>Now that the admittedly anal disclaimer has had a few minutes to sink in...
>
:-)
>
>http://www.xcorps.net/ftp/pub/tools/misc/GTunnel-1.0.tar.gz
>
>...might do the trick, but I will not provide any assistance.
>
>
>
If that trick will let me pipe a netcat pair over the ssh tunnels and
still somehow manually type in the ssh passwords I think I'll be happy.
Thanks Jonathan,
James
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale