Paid Advertising
web application security lab

Bypassing Firewall Restrictions Via SSH Tunneling

I ran into this article about Bypassing Firewall Restrictions Via SSH Tunneling which is actually pretty similar to something I wrote on tunneling Trillian Pro and then id rewrote to more broadly cover the topic. Whatever the case, this is a really invaluable technique if you aren’t already aware of it for bypassing content filters.

I’ve run into this all over the place - schools, libraries, offices, internet cafes, all of them are the same. They may have different reasons for it (protecting intellectual property or protecting kids from the evils of the Internet) but the technique is all the same. They all use content filters that rely on direct regular expressions. Regex is great for some things. For detecting abuse traveling over a network while watching only on the network? Not so much. SSH is a great way to proxy your connection through a network without being stopped. Actually in some rough initial tests, I played with some simple content filters and they couldn’t even “decrypt” rot13. Then I just got silly and started using piglatin. Anything you do will go right through, unless of course, you are trying to get to an IP address that you can’t obfuscate and they have a pattern for.

That’s when proxying your connection comes into play. Now you just load up your ssh client, connect to your external host with the web proxy server (serving only localhost traffic) and you port forward your connection and poof, you’re now bypassing anything you like. It’s really practical for when you are going out to a customer premise and you need to connect outbound but everything under the sun is blocked. Maybe even outbound port 22 is blocked, but if you put your external SSH port on port 80 you can walk right through those primitive network defenses. I mean, if content filters can’t stop pig latin, what hope do they have against AES or Triple DES?

5 Responses to “Bypassing Firewall Restrictions Via SSH Tunneling”

  1. id Says:

    It can also be useful for getting free internet access in some airports by bypassing their port 80 redirect… (note, you should go by IP address as they often have DNS redirects as well) probably works other places as well.

  2. Legionnaire Says:

    SSH Tunnels have been around since for ever. They have many uses and one of them is security over a third-party network. I just don’t get it why people suddenly think they’ve discovered America and go around happy about “this new thing SSH Tunnels”.

    This isn’t against you RSnake. It’s just an observation I make since only the last couple of weeks I’ve seen many articles-tutorials on the subjet treating it as breaking news.

  3. RSnake Says:

    It’s certainly not new, just not that many people know how to do it in practice. Same is true with lots of the stuff I talk about on the blog actually. Most of this stuff I’ve been working on for 5-10 years, but not a lot of other people understand the nuances.

  4. pheno Says:

    I just use the ssh program with its -D switch together with the tsocks program:

    sudo echo ’server =′ > /etc/tsocks.conf
    screen ssh -D 1080
    tsocks irssi

    etc. And FoxyProxy with Firefox, using localhost:1080 as socks server.

  5. tennis188 Says:

    could any of u guys translate that into instructions for some who has noooo idea what a port 80 and the rest of the stuff ur talking bout is?would be greatly appreciated