Lan Barnes wrote:
>
> On Thu, February 21, 2008 4:03 pm, SJS wrote:
>> Then I think you're doomed. If they're forcing you to use a proxy
>> server, then they've presumably locked down all outgoing traffic from
>> your subnet except to the server(s).  (Incoming traffic too, but that's
>> only to be expected.)
>>
>>
>
> Can I try the port 80 trick? "I'm just an innocent packet going out to
> ping a return of very important ... umm .... MARKETING information --
> yeah, that's the ticket -- marketing information from a web server I know
> in Point Loma."

If they are using a true proxy, which I think is likely, then you must use
http protocol out port 80. The point of an application proxy firewall in a
secure network environment is to do exactly what Stewart was suggesting,
examine every packet and make sure it's the right protocol for that
application. If it's not an http packet then you can't proxy it at the
application level, so it shouldn't work. That's why they're called application
proxies. Proxy firewalls that are well managed, and by reports I hear Sony's
are, are very difficult to bypass. If there's a proxy for it, that's the
default way to get out of that port. If there's no proxy, that port is closed.

Josh alluded to using https port 443, which is probably a good plan. Since
it's already encrypted, and since you can't really proxy an ssl connection,
it's more likely to slip past the egress filtering.

But, you have a second filter on your home ISP network. I believe the cable
companies filter incoming 25, 80 and probably some other ports. I don't recall
hearing if they filter 443.

So I would second Josh's advice. Run your sshd on port 443 and use that as
a tunnel back to home. If that doesn't work, wait until you go home to read
email.

-- 
Neil Schneider                          pacneil_at_linuxgeek_dot_net
                                           http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D

I help busy professionals diversify their self-directed IRAs and portfolios
with real estate they don't have to manage.  Please let me know if you or
someone you know would like more information.


-- 
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
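
The per-port protocol check described in the message above, as an added example from the filtering side (not code from the thread or from any product named in it). It labels the first client-to-server bytes of a connection and denies anything that is not the protocol expected on that port; a TLS handshake begins in cleartext, so the check needs no decryption. The function names, the EXPECTED policy table and the sample payloads are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ",
                b"DELETE ", b"OPTIONS ", b"CONNECT ")

# Assumed policy: which protocol the proxy accepts on each egress port.
# A port with no entry has no proxy, so it is treated as closed.
EXPECTED = {80: {"http"}, 443: {"tls"}}

def classify_first_bytes(payload: bytes) -> str:
    """Label the first client-to-server bytes of a TCP stream."""
    if payload.startswith(b"SSH-"):
        return "ssh"                      # SSH identification string
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type(1) version(2) length(2), then handshake type.
    if len(payload) >= 6 and payload[0] == TLS_HANDSHAKE and payload[1] == 0x03:
        (length,) = struct.unpack("!H", payload[3:5])
        if 0 < length <= 16384 and payload[5] == TLS_CLIENT_HELLO:
            return "tls"
    return "unknown"

def egress_verdict(dst_port: int, payload: bytes):
    """Return (decision, detected protocol) for one outbound connection."""
    proto = classify_first_bytes(payload)
    allowed = EXPECTED.get(dst_port)
    if allowed is None:
        return ("deny", proto)            # no proxy for this port
    return ("allow" if proto in allowed else "deny", proto)

# Constructed sample payloads (not captured traffic).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SAMPLE_SSH = b"SSH-2.0-OpenSSH_4.7\r\n"

if __name__ == "__main__":
    for port, data in [(80, SAMPLE_HTTP), (443, SAMPLE_TLS),
                       (443, SAMPLE_SSH), (80, SAMPLE_TLS), (25, SAMPLE_HTTP)]:
        print(port, egress_verdict(port, data))
```
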
