Traversing the Corporate Firewall
by superbeast
Remember the day you started your new job at that major corporation?
Finally, job security!
Of course, your joy was quickly curtailed when you realized your only access to the Internet was via HTTP or HTTPS. No personal mail, no newsgroups, IRC, VPN, etc., etc., etc.
What fun is a corporate job if you can't exploit it for personal use?
I needed my newsgroup fix and Google Groups was not going to satisfy it.
Discover
I did some research and found a way to traverse the firewall using SSH.
Now, SSH by itself is basically just a secure Telnet. However, many SSH clients allow you to perform port forwarding.
Port forwarding allows you to specify forwarding from a port on your local machine to a port on any remote machine via the SSH client. This means if you have a server at home with high-speed Internet access, you can connect to it via SSH and forward ports through it.
Then you can point your mail client or news client or any other client to the localhost:port and connect to the remote machine. People are currently using HTTP tunneling, but this is a way to tunnel any TCP/IP connection, and to work through your own or a friend's server.
Implement
I know what you're thinking - SSH runs on port 22 and the firewall has that blocked. Big deal! You have two options:
1.) Via SOCKS
This method requires you to set up a SOCKS proxy on your server.
You can configure the SOCKS proxy to listen on port 443 rather than the standard 1080. You can then configure your SSH client to use your SOCKS proxy server on the given port. This way you can send your SSH traffic through the SOCKS proxy and on to port 22 on the local server. Because the proxy makes the connection from inside your home network, the SSH server can be referenced by its internal name or internal IP address.
Here is how I set mine up:
Home Server
- Name: gonzo
- Internal IP: 192.168.1.1
- External IP: 123.123.123.1
- Configure SOCKS proxy to listen on: 123.123.123.1:443
- Configure SSH client to use socks://123.123.123.1:443 as proxy.
- Configure SSH client's remote host as gonzo or 192.168.1.1.
Pros
You are obscuring the fact that you are running an SSH server by blocking port 22 and using SOCKS to connect to it.
If you are scanned, most people will assume SSL and leave you alone. You also have a SOCKS server to use as a proxy for other programs if you like.
Cons
If you leave your SOCKS proxy open, others may find it and use it. The best thing to do would be to configure it to only allow connections to the local box.
2.) Via Port 443
This method is very similar; just set the SSH server to listen on 443 and set your SSH client to use 443 instead of 22.
Pros
Easy to set up.
Cons
If someone scans you, they may realize you are running SSH and try to connect or exploit it.
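What a scanner or an egress monitor sees in both setups, as an added example that is not part of the original article: SSH and SOCKS both open with recognizable cleartext bytes, while real HTTPS opens with a TLS ClientHello, so the first client payload on port 443 tells them apart. The source addresses, the 203.0.113.10 destination, every payload and the function names are constructed for illustration.

```python
# Added example: label the first client payload of a TCP flow on port 443.
# All sample flows below are constructed for illustration.

def classify_first_bytes(payload: bytes) -> str:
    """Coarse protocol label for the first bytes a client sends."""
    if not payload:
        return "empty"
    # SSH identification string (RFC 4253 section 4.2) is sent in cleartext.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # SOCKS5 greeting (RFC 1928): VER=5, NMETHODS, then NMETHODS method bytes.
    if (payload[0] == 0x05 and len(payload) >= 3
            and len(payload) == 2 + payload[1]):
        return "socks5"
    # SOCKS4 CONNECT/BIND: VER=4, CMD, port, IPv4, user id, NUL terminator.
    if payload[0] == 0x04 and len(payload) >= 9 and payload[1] in (1, 2):
        return "socks4"
    # TLS: handshake record (0x16), major version 3, handshake type ClientHello.
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] == 0x01):
        return "tls"
    return "unknown"


def flag_non_tls(flows, port=443):
    """Return (src, dst, label) for flows to `port` that do not open with TLS."""
    findings = []
    for src, dst, dport, payload in flows:
        if dport != port:
            continue
        label = classify_first_bytes(payload)
        if label != "tls":
            findings.append((src, dst, label))
    return findings


# Constructed samples: (source, destination, destination port, first payload).
SAMPLE_FLOWS = [
    ("10.0.0.4", "203.0.113.10", 443, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"),
    ("10.0.0.5", "123.123.123.1", 443, b"\x05\x01\x00"),               # option 1
    ("10.0.0.6", "123.123.123.1", 443, b"SSH-2.0-ExampleClient\r\n"),  # option 2
    ("10.0.0.7", "203.0.113.10", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, dst, label in flag_non_tls(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 opens with {label}, not TLS")
```

A label other than tls on port 443 is a lead for review rather than proof of tunnelling, since other non-TLS services can also be run on that port.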
Conclusion
Once you get this up and running, you will see the power of using port forwarding.
Not only can you use it for POP3, SMTP, NNTP, etc., but you can also use it for terminal services.
Imagine opening an RDP client on your machine at work and connecting to your desktop at home! And to top it off, all traffic running through the tunnel is encrypted.
If your corporate security group is sniffing or gathering traffic stats on you, none of this will show up. It will look simply like an encrypted session with your server.
Good luck!
Software Used
These are all for Windows, but there are definitely Linux equivalents.
SSH Clients
SecureCRT - www.vandyke.com
SSH Secure Shell - www.ssh.com
SSH Servers
VShell - www.vandyke.com
SOCKS 5 Proxy
Wingate - www.wingate.com