[PLUG] SSHing to a box behind a firewall... netcat maybe?

Randal L. Schwartz merlyn at stonehenge.com
Sat Dec 27 13:11:01 UTC 2003


>>>>> "Mark" == Mark Allyn <allyn at well.com> writes:

Mark> Can you please be careful in doing this? In many companies,
Mark> if you are caught, you can get into trouble.

Mark> Where I used to work, they monitored all of the network traffic
Mark> using sniffers on the firewall's lan. IT Security was very suspicious
Mark> of traffic that they cannot identify or justify. I knew of one person
Mark> who did get fired for trying to do something like this.

Not that I want to soften this warning, but if they're sniffing, all
they see is a normal outbound ssh connection, encrypted tighter than
the NSA would like you to have for home use.  If they are intercepting
the SSH packets and performing a "man-in-the-middle" attack, you'll
know (if you're using ssh2 and not 1) that "the host key has changed",
informing you that something is insecure.

SSH does what it is designed to do.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


