Tuesday, January 11, 2011

How I “usually” bypass transparent content-filters (for troubleshooting purposes)

In my work, transparent content-filtering devices usually throw a (transparent?) spanner into my troubleshooting work. This could usually be in the form of IPS/IDS devices or transparent proxies. They are there, happily doing their thing, but quite invisible from the end-point devices’ perspective.

My favourite tool in this situation is SSH and its port-forwarding functionality.

Since tunnelled traffic is encapsulated and encrypted in SSH transmissions, these pesky transparent devices wouldn’t know any better but to allow it through; however, always double-check that your firewall/IPS configuration DOES NOT block SSH (default TCP/22) traffic in the first place. Take the following scenario, where normal traffic is being (transparently) intercepted and certain policies are applied.

image

This is what SSH and its port-tunnelling accomplishes:

image

For the above to work, though, the endpoint devices need to be able to ‘talk’ SSH. The OpenSSH client on *nix systems or PuTTY on Windows should work perfectly well as the client.

However, a native OpenSSH daemon (the SSH server component) is not easily available on Windows systems (in cases where both endpoints are Windows systems). Have a try at freeSSHd, a Windows implementation of the SSH server component; it’s easier than trying to run a Cygwin implementation of sshd.
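The following added example, which is not from the original post, prints the OpenSSH local-forward command for the tunnel described above and compares response headers captured on the direct path and through the tunnel, to show what the in-path device added. The host names, ports, function names and header captures are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.
# Hosts, ports and header samples below are constructed placeholders.

# Print the OpenSSH client command for a local forward:
# 127.0.0.1:<lport> on this machine -> <target>:<tport> as reached from <ssh_host>.
build_forward_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# stdin: raw HTTP response headers; stdout: sorted, lower-cased header names.
header_names() {
    tr -d '\r' | awk -F: 'NF > 1 { print tolower($1) }' | sort -u
}

# $1: headers captured on the direct path, $2: headers captured through the tunnel.
# Prints header names seen only on the direct path, i.e. candidates for
# having been added by an in-path device.
only_on_direct_path() {
    direct_names=$(printf '%s\n' "$1" | header_names)
    tunnel_names=$(printf '%s\n' "$2" | header_names)
    printf '%s\n' "$direct_names" | grep -Fxv -e "$tunnel_names" || true
}

# Constructed captures, such as would come from:
#   curl -sI http://server.example/                              (direct)
#   curl -sI -H 'Host: server.example' http://127.0.0.1:8080/    (via tunnel)
DIRECT_SAMPLE='HTTP/1.1 200 OK
Content-Type: text/html
Via: 1.1 filter.example
X-Cache: MISS from filter.example
Content-Length: 512'

TUNNEL_SAMPLE='HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 2048'

# Forward local port 8080 to the web service on the remote endpoint itself.
build_forward_cmd 8080 127.0.0.1 80 admin@server.example
only_on_direct_path "$DIRECT_SAMPLE" "$TUNNEL_SAMPLE"
```

A transparent device may add no headers at all, so an empty result does not prove the direct path is unfiltered; comparing response bodies and status codes is the next step.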

1 comment:

saiful said...

got this add from business card. i'll be coming here often. tq for sharing