[TriLUG] blocking outbound port 22
bak via TriLUG
trilug at trilug.org
Thu Oct 8 15:34:23 EDT 2015
Long ago in a far away land when I was but a nerdling, I was let go from a (rather terrible temporary) job for doing this.
These days I would have just used the data connection I carry around in my pocket all the time.
—bak
> On Oct 8, 2015, at 10:44, Matt Flyer via TriLUG <trilug at trilug.org> wrote:
>
> This sounds like a perfect place to test the application Corkscrew:
> http://www.techrepublic.com/blog/linux-and-open-source/using-corkscrew-to-tunnel-ssh-over-http/
>
> " If you are in an environment that disallows the use of SSH and forces
> the use of an HTTP proxy, it is possible to use that HTTP proxy as a
> transport for SSH."
>
> I worked at a place that was absurdly totalitarian with regards to their
> web proxy. As a design engineer I would frequently research technical
> information and they would even block categorically university sites,
> where you can get a lot of technical papers, as "educational sites
> prohibited".
>
> Using SSH to tunnel out of there was the quick and obvious answer.
>
> Blocking port 22 simply makes the case for moving SSH to a non standard
> port, the old security through obscurity line.
>
>> port ssh , can be easily used for tunneling
>>
>> I think, web proxy is in the blacklist for security reason.
>>
>> On Wed, Oct 7, 2015 at 5:22 PM, Ken Mink via TriLUG <trilug at trilug.org>
>> wrote:
>>
>>>
>>>
>>> Sent from my iPhone
>>>
>>>> On Oct 7, 2015, at 16:52, Wes Garrison via TriLUG <trilug at trilug.org>
>>> wrote:
>>>>
>>>> I ran into a situation today I've never seen before.
>>>>
>>>> I was working at an engineering firm and their IT guy had all outbound
>>>> traffic on port 22 blocked.
>>>>
>>>> Is there any sane reason to do this?
>>>>
>>>> I can't think of any reason to block SSH, but maybe I'm missing
>>> something.
>>>>
>>>> -Wes
>>>
>>> Sure, internal security policies. One place I worked had ALL outbound
>>> traffic blocked. The only way out was web proxy, which also had quite
>>> the
>>> blacklist.
>>>
>>> Ken
>>>
>
> --
> This message was sent to: bak at picklefactory.org <bak at picklefactory.org>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/bak%40picklefactory.org
> Welcome to TriLUG: http://trilug.org/welcome
More information about the TriLUG
mailing list