May have to bow out ;o(

Discussion in 'UK Motorcycles' started by Power Grainger, Sep 23, 2003.

  1. Eek. I'll tell Will about it...he might be able to help....
     
    Power Grainger, Sep 23, 2003
    #21

  2. Slight probs being - no broadband, and even *more* pikey attitude to
    dial up (ie connect via work, rather than using a normal isp).

    Might have to sign up to NThelL after all... :eek:(
     
    Power Grainger, Sep 23, 2003
    #22

  3. I HTTP tunnel at the moment. That's what our IT bods are objecting to.
    Would SSH be any different?
     
    Power Grainger, Sep 23, 2003
    #23
  4. Power Grainger

    catman Guest

    That would kind of depend on what exactly they are objecting to. At a
    guess you are using something like sockstohttp. If they are objecting
    simply because they can see non http traffic going on an http port,
    then the SSH traffic may well pass them by completely [1] simply
    because it is where it's meant to be.
    The SSH tunnel always worked for me, but then our company was not
    renowned for its ability to monitor itself.

    Just out of interest, why do they object to your http tunnel?
    Security risk, or that it allows you to read news?


    [1] Assuming that they've not blocked the SSH port as well. You can
    in fact SSH tunnel to any port on a remote box, but then you are back
    to square one with regards to incorrect protocols alerting IT.

    --
    Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21
    Tyger, Tyger Burning Bright (Remove rust to reply)
    Alfa 116 Giulietta 3.0l. Really, Sprint 1.7
    Ducati Monster 600 Metallic
    www.cuore-sportivo.co.uk
     
    catman, Sep 23, 2003
    #24
  5. Power Grainger

    Ace Guest

    For such a newbie you've really learnt quickly, you know.
     
    Ace, Sep 23, 2003
    #25
  6. Power Grainger

    Alan.T.Gower Guest

    Why on earth would you want to do that? You're probably reading it the
    wrong way. The top position is for the saddest going down to the least
    saddest at #20.

    Nice.
     
    Alan.T.Gower, Sep 23, 2003
    #26
  7. Hhm. I think your assumptions may be correct there. But don't you need
    a dedicated server to connect to (ie not a general, public one?) Or
    can you set up SSH to any server?
    Hah. They say security. Same reason as they banned MSN. (and icq and
    AIM, etc). But also we're not supposed to have any apps on our
    machines which are not on their list. Only they don't have a list.
    Apparently they need the SSH port for SFTP, and so wouldn't be able to
    block it without blocking genuine business use.
     
    Power Grainger, Sep 23, 2003
    #27
  8. Power Grainger

    Mark Olson Guest

    SSH tunnelling is the way forward.
     
    Mark Olson, Sep 23, 2003
    #28
  9. Power Grainger

    Wik Guest

    G'wan, splain yerself, man.

    Port 445 is one of the default SSH ports, right? How well does that sit
    with corporate firewalls in their current locked-down state (thanks to
    MSBlast, etc.)?

    I'm not having a dig at anyone's network security cred, just for my own
    edjakayshun, like.
     
    Wik, Sep 23, 2003
    #29
  10. I was told it was port 20?
     
    Power Grainger, Sep 23, 2003
    #30
  11. Power Grainger

    Switters Guest

    SSH is tcp/22. You might be thinking about SSL, which is similar but
    different, and defaults to tcp/443.

    I would expect more firewalls to have 443 open rather than 22, due to the
    number of commerce sites that use HTTPS.

    - Dave.
     
    Switters, Sep 23, 2003
    #31
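
Added example, not part of any post in this thread: catman's point that non-HTTP traffic on an HTTP port stands out, together with Switters' port numbers, written as a defender-side check. It compares the first bytes a client sends with the protocol expected on the destination port and checks SSH destinations against an allow-list; the addresses, the `SFTP_ALLOWED` list and the sample flows are constructed assumptions.

```python
# Added example (not from the thread): flag flows whose first payload bytes
# do not match the protocol expected on the destination port, and SSH flows
# to hosts outside an allow-list. All addresses and flows are constructed.

EXPECTED = {22: "ssh", 80: "http", 443: "tls"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
# Hypothetical list of partner SFTP servers the business actually uses.
SFTP_ALLOWED = {"192.0.2.10"}


def classify(first_bytes: bytes) -> str:
    """Identify the protocol from the first bytes the client sends."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"    # identification string, RFC 4253 section 4.2
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"    # handshake record, protocol version 3.x
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def check_flow(dst_ip: str, dst_port: int, first_bytes: bytes) -> str:
    """Return a verdict for one outbound flow."""
    seen = classify(first_bytes)
    expected = EXPECTED.get(dst_port)
    if expected is None:
        return "unlisted-port"
    if seen != expected:
        return f"mismatch: {seen} on {expected} port"
    if seen == "ssh" and dst_ip not in SFTP_ALLOWED:
        return "ssh to non-allow-listed host"
    return "ok"


FLOWS = [  # constructed samples: (dst_ip, dst_port, first client bytes)
    ("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("198.51.100.7", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),
    ("203.0.113.5", 80, b"SSH-2.0-OpenSSH_3.7\r\n"),
    ("203.0.113.5", 443, b"SSH-2.0-OpenSSH_3.7\r\n"),
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_3.7\r\n"),
    ("203.0.113.5", 22, b"SSH-2.0-OpenSSH_3.7\r\n"),
]


def run():
    return [check_flow(*flow) for flow in FLOWS]


if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, run()):
        print(flow[0], flow[1], verdict)
```

The last sample is genuine SSH on tcp/22, so the byte check alone passes it; only the destination allow-list separates it from the permitted SFTP flow.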
  12. Power Grainger

    Paul Guest

    x-no-archive: yes

    (Warning: long and boring post follows!)

    Good point - but unless they are keen to stop you no matter what is
    used, there _should_ be a way forward, if you don't mind upsetting them
    or bucking their rules (are you really really sure about this?).

    You have received suggestions for SSH, SSL, and TightVNC

    - I'll add Zebedee (a free secure encrypted tunnelling facility)

    <Quote>
    Zebedee is a simple program to establish an encrypted, compressed
    “tunnel” for TCP/IP or UDP traffic between two systems. This allows
    data from, for example, http, telnet, ftp and X sessions to be
    protected from snooping. You can also use compression, either with or
    without data encryption, to gain performance over low-bandwidth networks.

    In case you were wondering, or even if you weren’t, Zebedee is
    named after its three main components ZBD:

    *Zlib compression

    *Blowfish encryption and

    *Diffie-Hellman key agreement.

    http://www.winton.org.uk/zebedee/

    </Quote>

    Zebedee works very well as a tunnel for carrying TightVNC securely (VNC
    as supplied is insecure) - the additional overheads are tiny, and the
    performance is acceptable even over a 56Kbps modem.

    If you had ADSL/Broadband I'd use a Zebedee tunnel to your home.

    As you haven't (yet?) maybe someone you know would host a tunnel server
    (Zebedee?) for you - it's not a great risk for someone who knows you,
    but I'd not do it for anyone IYSWIM.



    [of SSH tunnels]
    Yes, you need an external server (for all the suggestions made so far) -
    but there are quite a few free ones; googling for "free http proxies"
    will reveal some to suit HTTP and SSL (HTTPS), or see here

    http://tools.rosinstrument.com/proxy/

    http://www.openproxies.com/

    Are you prepared to go against their instructions?

    It is possible, but what happens if/when they discover your new tunnel?

    [of SSH]
    Are you sure it's SSH? <fx:surprised>
     
    Paul, Sep 23, 2003
    #32
  13. Power Grainger

    catman Guest

    But surely the packet is encrypted before it leaves your machine since
    it is going out through the SSH tunnel? Or have I dropped the ball?

    --
    Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21
    Tyger, Tyger Burning Bright (Remove rust to reply)
    Alfa 116 Giulietta 3.0l. Really, Sprint 1.7
    Ducati Monster 600 Metallic
    www.cuore-sportivo.co.uk
     
    catman, Sep 24, 2003
    #33
  14. Power Grainger

    catman Guest

    No you need a dedicated one that is configured to listen on the port
    you specify, then forward all traffic to your preferred server. I
    know there are plenty people here with linux boxes kicking around that
    should be able to help. I'd even lend you mine except it's on a
    dynamic IP and at someone else's house ATM. Worst case scenario I know
    a company that forgot the root pass to a server I set up many years
    ago. With some anonymous logins, I could set you up there.
    Ahhh, so they are talking crap then :)
    *ding* :)

    Also means that unless they are scanning traffic from your IP
    specifically, and that you are allowed to use sftp they won't have a
    clue [1] that you're doing it

    [1] Given typical level of numptiness exposed so far.

    --
    Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21
    Tyger, Tyger Burning Bright (Remove rust to reply)
    Alfa 116 Giulietta 3.0l. Really, Sprint 1.7
    Ducati Monster 600 Metallic
    www.cuore-sportivo.co.uk
     
    catman, Sep 24, 2003
    #34
  15. Power Grainger

    darsy Guest

    sure I can, but I wouldn't want to to start blubbing.
     
    darsy, Sep 24, 2003
    #35
  16. Power Grainger

    darsy Guest

    go on then, put a geek-code block in your .sig...
     
    darsy, Sep 24, 2003
    #36
  17. Good point. And I can still go for the stats position, coz Agent still
    works!

    Still don't know how Agent does umlauts though...CTRL + Shift + : then
    the letter doesn't work. I know, I know, that's the Word way.
    Enlighten me oh wise one.
     
    Power Grainger, Sep 24, 2003
    #37
  18. Ok, ok, now I need to know a) what you're on about and b) if you're
    just making things up to upset me.

    I can blub about all manner of things - people being smarter than me
    often works better than people insulting me.
     
    Power Grainger, Sep 24, 2003
    #38
  19. Nope. It's real.

    --
    Dnc
    -----BEGIN GEEK CODE BLOCK-----
    Version: 3.1
    GO d s+:+ a- C+++ U--- P+ L W+++ N+++ w- M-- PS PE Y+ PGP- t-- 5-- X- R-
    tv- b++ DI++ D G- e h-- y+
    ------END GEEK CODE BLOCK------
     
    Doesnotcompute, Sep 24, 2003
    #39
  20. But now I have to find out what one is! And I used up all my spare
    memory yesterday learning about SSH. Can't take in any more new input
    for at least 3 days..
     
    Power Grainger, Sep 24, 2003
    #40