RE: bypassing employer s proxy to surf anonymously

From: Craig Wright (cwright@bdosyd.com.au)
Date: Tue Jun 13 2006 - 19:29:15 EDT

• Next message: Ivan Arce: "Re: Publishing Findings on Commercial Applications"
• Previous message: Eduardo Espina: "Physical ports in IOS"
• Next in thread: gimeshell@web.de: "Re: bypassing employer s proxy to surf anonymously"
• Reply: gimeshell@web.de: "Re: bypassing employer s proxy to surf anonymously"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

SSH is easy to detect. It starts by advertising that it is SSH and the version - all in clear text.
 
Making SSH run over 443 is not going to stop detection if it is being looked for,
 
Craig

        -----Original Message-----
        From: Mario Platt [mailto:mplatt@gmail.com]
        Sent: Wed 14/06/2006 8:23 AM
        To: misiu_@gmx.de
        Cc: pen-test@securityfocus.com
        Subject: Re: bypassing employer s proxy to surf anonymously
        
        
        Hi,
        
        Yes, it's "harder to detect" as in "there are fewer chances of this
        being monitored than anything else, but it's really quite simple to
        detect. If you have some firewall that analyzes data commands being
        sent over well known port numbers, an SSH tunnel over 443 IS quite
        different from an HTTPS connection.
        
        On 6/13/06, misiu <misiu_@gmx.de> wrote:
> gimeshell@web.de schrieb:
> >
> > Perhaps there is some technique to hide data in unsuspicious packets?
> >
> > regards,
> > gimeshell
> >
>
> I would run sshd at port 443 (https)
> And use on the client machine http://www.agroman.net/corkscrew/ <http://www.agroman.net/corkscrew/>
> For me it is the best, to hide traffic. Its all based on SSL.
> HTTPS and SSH
> It is harder to detect, as far as I know, noone monitors remote-server
> IP's. Or?
>
> M
>

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.

• Next message: Ivan Arce: "Re: Publishing Findings on Commercial Applications"
• Previous message: Eduardo Espina: "Physical ports in IOS"
• Next in thread: gimeshell@web.de: "Re: bypassing employer s proxy to surf anonymously"
• Reply: gimeshell@web.de: "Re: bypassing employer s proxy to surf anonymously"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:05 EDT