
| Subject: | Re: SSH tunnel question. |
|---|---|
| Date: | Wed, 6 Jun 2007 15:00:55 +0300 |
Then, how about considering using openvpn, instead of some solution based on ssh? With openvpn you can build a client to server vpn connection and also define the port and even the protocol that will be used.
The only thing that might bother you is that you'll need to install an openvpn tool for your Windows Desktop station.
Check out: http://openvpn.net/
Cheers, Ventsi
Sounds like a good solution, but like the IP V6 it might not work. On the desktop server we have Internet Explorer and Windows XP; I do have admin rights there, but corporate policy limits what can be installed.
The first box that I wish to bounce my traffic off of is a Solaris server, and I do not have admin rights on that server. The box on the Extranet is a Linux server and I am root on that server. Then finally the management module, which runs a web server and provides a webmin/vnc-like feature that is run by Javascript, is IBM code to monitor and manage the blades in the blade center. Nothing can be installed on the management module since it is run by firmware. The ports for remote control cannot be changed unless IBM recently updated that (because of complaints I and others have made).
Blessed by the Security group from the corporate desktop with a permanent lease is direct access to the management module (ports 80/443/1044/1045/5900). But that does not help when I am connected to the corporate VPN (1044/1045/5900 are restricted; if only I could make that be port 8950 or something other than 5900 I would not have this issue).
This is not something that I am trying to do to just bypass security, I am trying to do this and have it blessed by the security group. I also own only a few parts of the puzzle, and like my desktop I am limited on what can be installed on the extranet server by corporate policy.
-- Leif

On Mon, 2007-05-28 at 11:36 +0300, Ventsislav Genchev wrote:
> Hi Leif,
>
> You didn't mention any operating system, but if you have Linux based
> box in the room you may try using ppp over ssh vpn connection:
>
> http://tldp.org/HOWTO/ppp-ssh/index.html
>
> Of course this will be needed if only the 22nd port is accessible...
> Otherwise any other kind of tunneling will be easier to set up and
> manage.
>
> Good luck,
> Ventsi
>
> On 5/25/07, Leif Ericksen <lericksen@sbcglobal.net> wrote:
> > I have a need to securely pass traffic from a corporate Intranet server
> > to a server on the Extranet and in turn have that pass traffic to a
> > device on the Extranet/management net.
> >
> > GIVEN:
> > D = desktop 14.1.2.189
> > H = hop box 11.10.10.2
> > E = Extranet box 10.20.1.5
> > M = IBM Management module on the management network. 10.30.1.6
> >
> > A member of my team sneaked in a request that when we are on the CORP
> > VPN we have access to the Extranet server. I hope this goes away soon,
> > but I have tested this and it works.
> >
> > using putty first on the desktop... putty -D 8080 -P 22 -ssh E
> > I then configure IE to talk to a socks server on 8080 and I am able to
> > access M on ports (80/443, 1044, 1045, and 5900)
> >
> > now what I want to do is go D -> H ->L -> M
> >
> > What I have tried so far
> > - I configure a session to ssh from D to H on port 22
> > - in the tunnels section I select dynamic
> > - port 8080
> > - destination is set to H
> > I save that, make a connection, bring up IE, and run a test; my IP is now
> > reporting that of H rather than my desktop IP.
> >
> > After that I go back to putty and for the remote ssh command I have
> > tried
> > ssh -D 8080 E
> > ssh -N -D 8080 E
> >
> > So far no luck with the double hop or the double SOCKS. I want to avoid
> > having any extra software installed if at all possible to make this
> > acceptable to my security group. Is this something that I can do, or
> > will I have to get creative with the -L option (possible -R as well as
> > -g ) so that I can move ports <1025 to that > 1025 so that I can do this
> > as a non-root user?
> >
> > Now I am not looking for the complete solution but a little direction to
> > solve the problem. But if you want to give the solution that is ok as
> > well. I may also suggest for security we just stop and H and to go M so
> > that we do not have unrestricted web access on D.
> >
> > --
> > Leif
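
The thread's concern about a SOCKS forward through E giving the desktop more reach than the management module can be handled on E itself, where the poster is root. The fragment below is an added example, not from the thread: it limits forwarding for one account to M's five ports. It assumes OpenSSH 6.2 or later on E (for `AllowTcpForwarding local`) and a hypothetical account named `tunnel`.

```conf
# sshd_config fragment for E (10.20.1.5). Added example, not from the thread.
# Match blocks must come after all global settings in the file.
# "tunnel" is a hypothetical unprivileged account used only for this forward.
Match User tunnel
    # Permit client-initiated forwards (-L / -D) only; no -R listeners on E.
    AllowTcpForwarding local
    # The only destinations a forwarded or SOCKS connection may open:
    # M (10.30.1.6) on the ports listed in the thread.
    PermitOpen 10.30.1.6:80 10.30.1.6:443 10.30.1.6:1044 10.30.1.6:1045 10.30.1.6:5900
    # Nothing else is needed for a port-forward-only account.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
```

With this in place, a request through the tunnel for any other host or port is refused by sshd on E, so the allow-list is enforced on the server rather than by browser settings on D.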