Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Two-hops SSH tunnelling

from [Loris Serena] Network Security [Permanent Link]
Subject: Two-hops SSH tunnelling
Date: Tue, 23 May 2006 16:52:50 +0100 
Guys,

I managed to get the following working:

----------------------------------------------------------------------------------------------------
A firewall between SERVER and CLIENT only allows TCP port 22 from
SERVER to CLIENT (but not viceversa!)

   SERVER    -------22------>   CLIENT

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from CLIENT to SERVER:

   SERVER    <-----1984------   CLIENT
------------------------------------------------------------------------------------------------------

by running (on SERVER):
$ ssh -f -N -R 1984:SERVER:1984 CLIENT


Now I'd like to add the next (and last) bit of the configuration to the
picture:

There is another firewall between CLIENT and GOOFY, again only allowing
TCP port 22 from CLIENT to GOOFY (and NOT viceversa!):

    SERVER    -------22------>   CLIENT   -------22------->   GOOFY

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from GOOFY to SERVER (through CLIENT):

    SERVER   <-----1984-----   CLIENT
    SERVER   <----------------(CLIENT)----------1984------   GOOFY

Please note that:
a. the remote forwarding of 1984 from CLIENT to SERVER is already working;
b. there is no native process on CLIENT listening on port 1984.

I ran `ssh -f -N -R 1984:127.0.0.1:1984 GOOFY` on CLIENT,

but testing that with telnet from GOOFY, it failed as follows:

[GOOFY]$ telnet localhost 1984
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


So, how do I do that?
Any security issues I shold be aware of?


Thanks in advance

Ciccio

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Kerberos 5 authentication without password?, Jeff Blaine
Next by Date:  Re: Kerberos 5 authentication without password?, Darren Tucker
Previous by Thread:  Kerberos 5 authentication without password?, Jeff Blaine
Next by Thread:  Re: Two-hops SSH tunnelling, Giancarlo Razzolini
Indexes:  [Date] [Thread] [Top] [All Lists]