web application security lab

Archive for the 'BSD and *NIX' Category

Bypassing Firewall Restrictions Via SSH Tunneling

Thursday, August 24th, 2006

I ran into this article about Bypassing Firewall Restrictions Via SSH Tunneling, which is actually pretty similar to something I wrote on tunneling Trillian Pro and that id then rewrote to cover the topic more broadly. Whatever the case, if you aren’t already aware of it, this is a really invaluable technique for bypassing content filters.

I’ve run into this all over the place - schools, libraries, offices, internet cafes, all of them are the same. They may have different reasons for it (protecting intellectual property or protecting kids from the evils of the Internet) but the technique is all the same. They all use content filters that rely on direct regular expressions. Regex is great for some things. For detecting abuse traveling over a network while watching only on the network? Not so much. SSH is a great way to proxy your connection through a network without being stopped. Actually, in some rough initial tests I played with some simple content filters and they couldn’t even “decrypt” rot13. Then I just got silly and started using pig latin. Anything you do will go right through, unless, of course, you are trying to get to an IP address that you can’t obfuscate and that they have a pattern for.

That’s when proxying your connection comes into play. Now you just load up your SSH client, connect to your external host running the web proxy server (serving only localhost traffic), port forward your connection, and poof, you’re now bypassing anything you like. It’s really practical for when you are going out to a customer premises and you need to connect outbound but everything under the sun is blocked. Maybe even outbound port 22 is blocked, but if you put your external SSH port on port 80 you can walk right through those primitive network defenses. I mean, if content filters can’t stop pig latin, what hope do they have against AES or Triple DES?
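The weakness the post describes is that a regex content filter inspects strings, not protocols, so an SSH session parked on port 80 is invisible to it. As an added illustration from the defender's side (not part of the original post), here is the check such a filter does not make: compare the protocol visible in a flow's opening bytes with what its port implies. The sample flows are constructed.

```python
import re

# Constructed sample flows (not real traffic): the first payload bytes seen
# on each TCP connection, as a flow collector or IDS might hand them to us.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 80,
     "first_bytes": b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n"},
    {"src": "10.0.0.7", "dst": "203.0.113.20", "dport": 80,
     "first_bytes": b"SSH-2.0-OpenSSH_4.3\r\n"},      # sshd moved to port 80
    {"src": "10.0.0.7", "dst": "203.0.113.20", "dport": 22,
     "first_bytes": b"SSH-2.0-OpenSSH_4.3\r\n"},
    {"src": "10.0.0.9", "dst": "203.0.113.30", "dport": 443,
     "first_bytes": b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x01"},
]

# What a plain port-based policy assumes is running on each port.
EXPECTED_BY_PORT = {22: "ssh", 80: "http", 443: "tls"}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r?\n")


def identify_protocol(first_bytes: bytes) -> str:
    """Guess the application protocol from the opening bytes of a flow."""
    if first_bytes.startswith(b"SSH-"):          # RFC 4253 identification string
        return "ssh"
    if HTTP_REQUEST.match(first_bytes):
        return "http"
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"                              # TLS handshake record header
    return "unknown"


def find_port_protocol_mismatches(flows):
    """Return flows whose observed protocol is not what the port implies.

    A string-matching content filter never performs this check, so an SSH
    session on port 80 looks like noise to it rather than a tunnel.
    """
    findings = []
    for flow in flows:
        observed = identify_protocol(flow["first_bytes"])
        expected = EXPECTED_BY_PORT.get(flow["dport"])
        if expected is not None and observed != expected:
            findings.append({**flow, "observed": observed, "expected": expected})
    return findings


if __name__ == "__main__":
    for f in find_port_protocol_mismatches(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} looks like "
              f"{f['observed']}, expected {f['expected']}")
```

Only the port-80 SSH flow is reported; the genuine HTTP, SSH-on-22 and TLS-on-443 flows pass, which is the whole point of checking protocol against port instead of grepping payloads.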

Ignoring the Great Wall of China

Thursday, July 6th, 2006

I wanted to post again about the great Chinese firewall. Apparently someone had the same idea that id and I had around ways to get around the filters. Apparently, according to this post on bypassing the Chinese firewall, it sends RST packets when it sees the forbidden content pass over its firewalls. The RST packets are sent in either direction. However, if your firewall is set up to ignore RST packets AND the person in China is also set up to do the same, the text will flow through the firewall indiscriminately.

However, this isn’t filter evasion, as the flag will still be there (and theoretically it could be much worse, because the firewall will continue to send RST flags over and over and over for every request you make with the forbidden content in it). So, without having someone in China to test this theory, it’s hard to do, but it is believed that it will work. Interesting theory, anyway. If anyone with some equipment in China would like to help us test it, it would be a fun experiment (especially for id, I know).

SSH proxy

Wednesday, June 14th, 2006

Proxying applications through firewalls to bounce your connection around is pretty much a must for anyone trying to get around IP-based content restrictions or to bypass content-restrictive firewalls. This happens a lot in work environments, and it is super useful for people out in the field who are on untrusted networks or networks that otherwise cripple your access. id just wrote an article on how to bypass content restrictions by tunneling connections over SSH.

I wrote a similar article on how to tunnel Trillian Pro that is wildly out of date, given that I wrote it two years ago. His is much better and applies to a lot more applications, so read his instead. For anyone who needs to bounce their connection through different IP addresses this is a must read.