Re: get into the private campus server

---

• From: Andrew Schulman <andrex@xxxxxxxxxxxx>
• Date: Mon, 06 Nov 2006 19:38:53 GMT

---

Have your on-campus server act as an ssh client, connecting out to a
cooperating ssh server. Once the ssh connection is established, you can
tunnel any TCP traffic you like over it, in either direction. To maintain
the connection over the long term, you can use e.g. autossh.

This is a well-known technique that I've used successfully for years. You
can work out the details for yourself.

Of course if you then use that tunnel to move massive amounts of traffic
across the campus firewall, then the admins will quickly catch on. Or, if
you're not careful and the outside ssh server gets compromised, then the
attackers will have a free ride into the campus network, and after they come
in and wreck a few servers, the admins will trace the compromise to you and
show up at your dorm room at 2 AM to take your computer away, right as
you're in the middle of jacking off. Awkward, no? But see, the ssh tunnel
circumvents all of their network controls and allows pretty much any traffic
in or out, and you can bet that when they find out about it they'll be
really pissed. Remember that they know about the technique, but have
probably decided that the risk doesn't justify blocking all outbound ssh
traffic. So now they'll kick you off of the network for sure, maybe out of
the college, take your computer away and good luck getting it back, and
maybe do something overreactive like cutting off all ssh access to the
outside, while explaining to everyone who complains that it's because you
compromised their network.

Have fun.
Andrew.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"
.

---

• Follow-Ups:
  • Re: get into the private campus server
    • From: Jody Lee Bruchon
  • Re: get into the private campus server
    • From: thealphamale05

• References:
  • get into the private campus server
    • From: thealphamale05

• Prev by Date: Re: Multilink PPP Problem
• Next by Date: Re: Multilink PPP Problem
• Previous by thread: Re: get into the private campus server
• Next by thread: Re: get into the private campus server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: What is The SSH? ... Building and Using SSH Tunnels ... What is an SSH tunnel? ... how to use it to make a connection to a server. ... You will need a working SSH client and server installation to build and test ... (microsoft.public.windows.server.networking) SSH TCP forwarding: works with v1, not with v2 ssh ... that they're setting up the tunnels with no problem, ... I can get to the work ssh daemon: ... debug1: Connections to remote port 65002 forwarded to local address palimpsest:22 ... something answers (if I get "connection refused" there's no listener); ... (FreeBSD-Security) Re: SSH TCP forwarding: works with v1, not with v2 ssh ... >that they're setting up the tunnels with no problem, ... >I can get to the work ssh daemon: ... > debug1: Entering interactive session. ... > Connection closed by foreign host. ... (FreeBSD-Security) Re: sftp over two connections ... from there I log onto LIN and I can work on the console. ... > X tunneling works as well, and I tunnel additional ports to control ... > connection be tunneled through SSH so that I could mount LIN's ... (comp.security.ssh) Re: PPP VPN solution over ssh tunnel? ... I run an ssh tunnel home from work all day long. ... I could run a traditional VPN connection ... but it worked for some things socks proxy did not. ... (comp.os.linux.networking)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2006-11