[clug] secure remote access method [SEC=PERSONAL]

Geoff Swan shinobi.jack at gmail.com
Sat Jun 20 03:58:05 GMT 2009


Perhaps I should have said earlier that my exhaustive study of proxies
that do not distinguish between ssh and ssl on port 443 includes 3
proxies in total ... :P  hardly a sample size to base a statistic on.
However, perhaps those sysadmins thorough enough to distinguish
between the two either have a *really* good reason to do so or will be
happy to add an exception where justified... I had a situation where
we were tunneling out of a network using ssh over 443, so to keep it
above board went and explained what we were doing to the sysadmin -
his response was great, not only did he not mind - he added an
exception to his throttling rules to give us full speed for that
connection.
Geoff


On 6/20/09, jm <jeffm at ghostgun.com> wrote:
>
>
> Daniel Pittman wrote:
>>> Another good idea. I also missed the idea by Geoff Swan on the fact that
>>> because 443 is used by SSL it's considered opaque and so ssh also works
>>> there.
>>>
>>
>> Actually, SSL and SSH are infinitely identifiable traffic streams.  The
>> *content* is protected, but the fact that you are (or are not) running SSL or
>> SSH is visible to an attacker who is looking for it.
>>
>> (Heck, the SSH banner is plain-text. ;)
>>
>>
>
> Of course, you're correct. I've seen the ssh banner many times myself when
> testing and should have thought of it. It's possible that the reason
> this works as described is that it is, for some unknown reason,
> considered opaque to the firewall manufacturer, that the manufacturers
> got lazy (had better things to do), or that Geoff simply hasn't
> encountered a firewall that can tell the difference yet, a simple case of
> YMMV. :-)
>
> Jeff.

-- 
Sent from my mobile device
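
The point made in the thread, that the SSH banner is plain text and so SSH on port 443 can be told apart from SSL, can be shown with a small classifier over the first bytes of a connection. This is an added example, not code from anyone in the thread; the function name and the sample byte strings are constructed for illustration.

```python
import re
import struct

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion
SSH_ID = re.compile(rb"SSH-(\d+\.\d+)-([\x21-\x7e]+)")

def classify_stream(first_bytes: bytes) -> dict:
    """Label the opening bytes of a TCP stream as ssh, tls or unknown."""
    # TLS record header: content type, major, minor, 16-bit length.
    # A session opens with a handshake record (0x16) whose first message
    # is a ClientHello (0x01) or ServerHello (0x02).
    if len(first_bytes) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
        if (ctype == 0x16 and major == 3 and minor <= 4
                and 0 < length <= 2 ** 14 and first_bytes[5] in (1, 2)):
            return {"proto": "tls", "record_version": f"{major}.{minor}"}
    # An SSH server may send other text lines before its identification
    # string, so test the start of every line, not only offset 0.
    for line in first_bytes.split(b"\n"):
        m = SSH_ID.match(line)
        if m:
            return {"proto": "ssh", "version": m.group(1).decode(),
                    "software": m.group(2).decode()}
    return {"proto": "unknown"}

# Constructed samples (not captured traffic)
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_5.1\r\n",
    "ssh after greeting": b"Welcome\r\nSSH-2.0-dropbear_0.52\r\n",
    "tls clienthello": bytes.fromhex("160301002f0100002b0301"),
    "http": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} -> {classify_stream(data)}")
```

A proxy or firewall that applies this kind of check to port 443 sees the difference before any encrypted payload is exchanged; one that only matches on the port number does not.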

