Re: bypassing employer's proxy to surf anonymously

From: dajackman (robby.lists@gmail.com)
Date: Tue Jun 13 2006 - 13:08:34 EDT


What about http://www.hamachi.cc/ and a VNC....

On 6/13/06, Hubert Seiwert <hubert@westpoint.ltd.uk> wrote:
> When using SSH through the local proxy, it might be an idea to run the
> outside sshd on port 443, so it's harder to distinguish from an https server.
>
> Also, in case you're not aware, a proxy server on the other side
> (Privoxy in your example) is not really necessary - You can use the
> ssh -D option (or 'Dynamic' in the PuTTY port forwarding options) to get
> a SOCKS server on localhost which makes outside connections through the
> remote sshd.
>
> Another method of tunneling would be through DNS. You say that dns
> traffic is blocked on the server, but as long as there is a DNS server
> on the internal network that will do recursive resolving for you it's
> possible. You can use Dan Kaminsky's OzymanDNS scripts to get an
> stdin/stdout pipe to a remote host through DNS, through which you can
> then run ssh using the -ProxyCommand option. You need Perl with threads
> support enabled on the server and the ability to delegate a subdomain to
> the ozyman dns server.
>
> References:
>
> http://www.doxpara.com/slides/BH_EU_05-Kaminsky.pdf
> http://dnstunnel.de/
>
> If the local network is being monitored, you would see a great deal of
> DNS queries which would raise a red flag, but if only the local proxy is
> being monitored this kind of tunneling would be invisible.
>
> Disclaimer: Bypassing your company's internet proxies and breaking the
> internet AUP is not recommended and may get you in trouble.
>
> --
> Hubert Seiwert
>
> Internet Security Specialist, Westpoint Ltd
> Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
>
> Web: www.westpoint.ltd.uk
> Tel: +44-161-2371028
>
>
>
> gimeshell@web.de wrote:
> > Hi,
> >
> > perhaps subject sounds a little bit hard, but hard words are often
> > much clearer than polite words.
> >
> > Someone is trying to find the smartest way to bypass employer's
> > proxy from intranet. You can see it as a principle: there is someone
> > who doesn't want you to do something, but you know you will be
> > better...because you are a geek.
> >
> > First of all, it works but I need help in fixing some flaws.
> >
> > Situation:
> >
> > Server: Windows 2000, proxy and simple packet filtering to eliminate
> > icmp traffic, dns traffic and some more packet types,
> > Client: Windows 2000, putty tunneling local port
> > There is no ip forwarding enabled on server so I fortunately must use
> > proxy's facilities. Proxy has following 'special' ports open: 1080,
> > 2121, 3128.
> >
> > For port 3128 you must login with username/password. It is known.
> > For port 2121 there is only username without pass required.
> >
> > Host A INSIDE...localport 4444--->ssh tunnel--->through PROXY/FIREWALL
> > (3128)--->Host B OUTSIDE (22) running privoxy (proxy server).
> >
> > Problem:
> >
> > Proxy is monitoring traffic and shows much suspicious traffic flowing to
> > xxx.xxx.xxx.xxx (https). That's the ssh tunnel to destination
> > with dynamic ip address.
> >
> > Question:
> >
> > Is there a solution to prevent proxy traffic monitor (and therewith
> > big brother) to see SSH traffic to dynamic ip? So that there isn't any
> > suspicious line in proxy traffic monitor's output? The best: Proxy
> > doesn't get notice of nasty traffic at all.
> >
> > Perhaps there is some technique to hide data in unsuspicious packets?
> >
> > regards,
> > gimeshell
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> > Choice Award from eWeek. As attacks through web applications continue to rise,
> > you need to proactively protect your applications from hackers. Cenzic has the
> > most comprehensive solutions to meet your application security penetration
> > testing and vulnerability management needs. You have an option to go with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to confirm your
> > results from other product. Contact us at request@cenzic.com for details.
> > ------------------------------------------------------------------------------
> >
> >
> >
>

-- 
-dajackman
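
The flood of DNS queries that Hubert's reply says would raise a red flag on a monitored network can be checked for in resolver logs. The following is an added detection sketch, not part of either post: it groups queries by client and parent zone and flags groups with many long, unique, high-entropy subdomains. The log format, thresholds, addresses and example.* zones are assumptions, and the sample data is constructed.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname, zone_labels=2):
    """Return (subdomain part, parent zone); naive split, no public-suffix list."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[:-zone_labels]), ".".join(parts[-zone_labels:])

def find_dns_tunnels(queries, min_queries=20, min_unique=0.9, min_len=30, min_entropy=3.5):
    """Flag (client, zone) pairs whose queries look like encoded data, not hostnames."""
    groups = defaultdict(list)
    for client, qname in queries:
        sub, zone = split_name(qname)
        groups[(client, zone)].append(sub)
    hits = []
    for (client, zone), subs in groups.items():
        if len(subs) < min_queries:
            continue  # too few queries to judge
        unique = len(set(subs)) / len(subs)
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        if unique >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            hits.append({"client": client, "zone": zone, "queries": len(subs),
                         "unique_ratio": round(unique, 2), "avg_sub_len": round(avg_len, 1)})
    return hits

def constructed_sample():
    """Constructed resolver-log sample: ordinary lookups plus one tunnel-like client."""
    log = [("10.0.0.21", "www.example.com")] * 30 + [("10.0.0.22", "mail.example.org")] * 25
    for i in range(40):
        # Stand-in for encoded payload chunks carried in the query name.
        blob = base64.b32encode(hashlib.sha256(str(i).encode()).digest()).decode().lower()
        log.append(("10.0.0.37", f"{blob[:50]}.t.example.net"))
    return log

if __name__ == "__main__":
    for hit in find_dns_tunnels(constructed_sample()):
        print(hit)
```

The thresholds need tuning against real traffic, since some CDNs and telemetry services also generate long unique labels.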


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:05 EDT