School firewall evasion with SSH & Proxies
Never again have your curious Google searching or social networking adventures be thwarted by your school or office firewall. Darren show off free and easy ways to bypass the filters using SSH or your own homegrown web proxy.
SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.
First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.
Usage
ssh -D 8080 user@server
Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.
Usage
ssh user@server -L local-listen-port:destination-ip:destination-port
For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.
[...] Hak5 – Technolust since 2005 » School firewall evasion with SSH … [...]
[...] Mr Mackenzie has been taking a few lessons from some of his peers over at Revision3 Stuff like this is prolific on the web and watched by our 9-18 yr olds on a daily basis, is it any [...]
[...] Read more from the original source: Hak5 – Technolust since 2005 » School firewall evasion with SSH … [...]
Potential harmful -
these kinds of TCP-Level proxying tends to sent DNS in clear-text (In theory Socks4 allows resolution and some proxies (privoxy) actually do so, but most don’t[1]). Thus mitm-attacks are still possible.
Using OpenVPN can help – furthermore: Since OpenVPN is http-Proxy friendly it may be used in a lot of firewalling-bypassing scenarios.
Keep smiling
yanosz
[1] Since this issue is also related to tor, more info is provided here:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry.3F
I used a set-up like this to bypass torrent firewalls at my University. But here’s the kicker, I was using their own servers to do it! As a Comp.Sci. Major, I had access to CS Servers which were outside the firewall, and unrestricted. Haha.
No need to use PHProxy if you’re using SOCKS5. Use FoxyProxy on Firefox and turn on the option to send DNS lookups through the proxy and everything is secure from your client to your ssh host. No way the firewall can block your domains either. It didn’t get the request.
Hopefully someone can help me with my problem:
So i try to set up a VPN server inside my homenetwork (inside) and want to be able to contact it from the outside (outside).
The setup of the server is completed and it works on port 4430, so i’ve tried from inside the network (LAN) and outside the network (WAN) and it works each time!
So that’s great, the only problem i’m having is that another ISP that i sometimes use have all outgoing ports blocked, except a few, unfortunaly not 4430.
So my question now is: How will i be able to connect to my home server when the port is blocked on the outside internet connection?
Extra hickup: I can’t open any ports of the outside connection and in my home connection is 4430 the only open port.