Creating SSH Tunnel to bypass work firewall.

[PlastikSpork]

Hello everyone,

Recently I came across this article explaining how to create an SSH Tunnel to bypass your work firewall to access any website you wanted.

http://www. *************

I got as far as getting the server up and running and using Putty to connect to the SSH server on my home computer. Where I ran into a problem was configuring IE on my work computer which is already configured to run through a proxy server and I do not have privileges to edit any of those settings. In this article it mentions something about configuring Putty in graphical mode, but I have no idea on how to do this. Also, what are the possibilities that the IT department would found out what I was doing?:whiste: I work the over night shift and there are no IT staff at those times. Any help with this would be greatly appreciated. Thank you...

P.S. I currently use Teamviewer to remote my home computer, but this is limited due to the fact you have no Video/Sound.

---------------
Putting the security of a network that does not belong to you at Risk is Not something that we favor here.

Thread Closed.
JackMDS
Super moderator.

.

 

[Nothinman]

They won't be able to see the specific traffic for the sites that you're browsing, however they should see the SSH traffic spike and become suspicious.

And Anand isn't a place to find out how to work around your work's security policies. If you need access to specific sites for your work, ask IT to whitelist them for you.

 

[PlastikSpork]

They won't be able to see the specific traffic for the sites that you're browsing, however they should see the SSH traffic spike and become suspicious.

And Anand isn't a place to find out how to work around your work's security policies. If you need access to specific sites for your work, ask IT to whitelist them for you.

Boy aren't you just a Debbie Downer :-( If this isn't the place for this type of topic point me into the right direction. This isn't quite the welcome I was expecting from this forum. How is this topic not relevant to Anand? I asked about a question that is computer / networking related. Maybe the reason I wanted to do this is just for educational purposes to learn something new.

 

[ViviTheMage]

You want us to get you fired?!

 

[PlastikSpork]

You want us to get you fired?!

:biggrin: Honestly I just want a straight up answer. Is it possible and if so how would IT find out? If I use ports 80 or 443 to tunnel SSH which are used by HTTP and HTTPS anyways how are they going to know the difference? Unless there is some kind of Intrusion security software that is going to be able to detect it some how. I'm not worried about getting in trouble with using Teamviewer since that is one of the few websites besides weather.gov that they give us access too. If they give us access to that website it must be OK to use it. I've been using Teamviewer to remote my home computer form work for over a year now with out hearing anything from IT. If they are not able to detect Teamviewer running I don't see how an SSH tunnel running on port 80/443 would be any different.

 

[spidey07]

:biggrin: Honestly I just want a straight up answer. Is it possible and if so how would IT find out? If I use ports 80 or 443 to tunnel SSH which are used by HTTP and HTTPS anyways how are they going to know the difference? Unless there is some kind of Intrusion security software that is going to be able to detect it some how. I'm not worried about getting in trouble with using Teamviewer since that is one of the few websites besides weather.gov that they give us access too. If they give us access to that website it must be OK to use it. I've been using Teamviewer to remote my home computer form work for over a year now with out hearing anything from IT. If they are not able to detect Teamviewer running I don't see how an SSH tunnel running on port 80/443 would be any different.

Because tunneling can be recognized by it's traffic pattern regardless of port number. Even more so if there is a transparent proxy in there that you wouldn't even be able to detect.

 

[Nothinman]

Boy aren't you just a Debbie Downer :-( If this isn't the place for this type of topic point me into the right direction. This isn't quite the welcome I was expecting from this forum. How is this topic not relevant to Anand? I asked about a question that is computer / networking related. Maybe the reason I wanted to do this is just for educational purposes to learn something new.

It's obviously computer/networking related, however Anand doesn't condone and help with things that are illegal or violate company policy, copyright, etc.

If you consider breaking your employers network security, violating their policies and potentially getting yourself fired educational and fun that's on you. But my hands are clean and you'll have to figure it out on your own.

Honestly I just want a straight up answer. Is it possible and if so how would IT find out? If I use ports 80 or 443 to tunnel SSH which are used by HTTP and HTTPS anyways how are they going to know the difference? Unless there is some kind of Intrusion security software that is going to be able to detect it some how. I'm not worried about getting in trouble with using Teamviewer since that is one of the few websites besides weather.gov that they give us access too. If they give us access to that website it must be OK to use it. I've been using Teamviewer to remote my home computer form work for over a year now with out hearing anything from IT. If they are not able to detect Teamviewer running I don't see how an SSH tunnel running on port 80/443 would be any different.

HTTP has no encryption so an encrypted stream would be a big flag right there and most proxies should barf on an encrypted stream on 80 anyway since they try to do caching, etc by following the HTTP conversation. HTTPS and SSH have different cryptographic handshakes and fingerprints, it's simple to detect out going SSH because there's a banner with the version of the server as the first data packet. I wrote a snort rule for that in like 2min at my previous job.

I've never looked at TeamViewer's traffic, but if they haven't caught it or said anything then you're probably safe with an SSH tunnel as well. However, that doesn't mean they won't install an IDS/IPS tomorrow, start noticing and fire you next week.

 

[PlastikSpork]

HTTP has no encryption so an encrypted stream would be a big flag right there and most proxies should barf on an encrypted stream on 80 anyway since they try to do caching, etc by following the HTTP conversation. HTTPS and SSH have different cryptographic handshakes and fingerprints, it's simple to detect out going SSH because there's a banner with the version of the server as the first data packet. I wrote a snort rule for that in like 2min at my previous job. I've never looked at TeamViewer's traffic, but if they haven't caught it or said anything then you're probably safe with an SSH tunnel as well. However, that doesn't mean they won't install an IDS/IPS tomorrow, start noticing and fire you next week.

Now this was some useful and informative information. Thank you for this and you have convinced me that what I was doing was risky and not really worth it. Even though I think my IT dept, 3 people, are not even qualified to be in there positions.

 

[Jamsan]

Now this was some useful and informative information. Thank you for this and you have convinced me that what I was doing was risky and not really worth it. Even though I think my IT dept, 3 people, are not even qualified to be in there positions.

their.