Obviously port 22 is blocked. Is there a way that I can set up a tunnel on an open port? Or does the server reply on port 22 regardless? I'm trying to tunnel to rootshell.be but the router here keeps blocking attempts...
Any ideas??
Thanks
Tell the router not to block it...or to forward your request to the machine you are trying to access.
Isn't 22 ftp...which is usually blocked by default on most routers??
MLF
Negative. 21 = FTP Control 20 = FTP Data, 22 = SSH
Quote:
Originally posted here by morganlefay
Tell the router not to block it...or to forward your request to the machine you are trying to access.
Isn't 22 ftp...which is usually blocked by default on most routers??
MLF
Agree with post though, just unblock SSH, otherwise I assume it's blocked for a reason and you should take that up with your security folks (assuming that isn't you otherwise you'd just unblock it...)
22 is SSH...
What you can do, is find a port that is open. Then set up a relay somewhere that listens on that port and forwards to port 22 on that host. Netcat can be used to do this.
This does require a host to do it on though.
sorry...still on my first coffee....
Quote:
Negative. 21 = FTP Control 20 = FTP Data, 22 = SSH
and a little foggy from some very nice Australian Shiraz last night :cool:
As mentioned...unblock it....or contact the routers admin...and have them unblock it.
MLF
Correct. However, if it's not your network, you can easily be caught.
Quote:
Originally posted here by zENGER
22 is SSH...
What you can do, is find a port that is open. Then set up a relay somewhere that listens on that port and forwards to port 22 on that host. Netcat can be used to do this.
This does require a host to do it on though.
The IDS/IPS *should* detect ssh on non standard ports. I know bleeding snort does...
If your firewall/gateway is good enough... it'll have protocol/application filtering too.
Not all firewalls block just on src. dest. rules.
Basically... if you try it on anyone's network with half a brain... they'll see your attempts.
I figured that port 22 was blocked. That was obvious.
I was just thinking that I could set putty up to make the request over port 80. Thence my ssh tunnel would be entering through port 80, unobstructed.... I guess that I was wrong. The server that I'm trying to connect to must also be set to communicate through port 80 for ssh as well then.
At least, I think...
There's no way that the admins here will unblock ssh, simply, because we don't use it.
This basically means that I can't use UNIX/Linux at work whatsoever then :(....
I really need shell access to practice, I installed Cygwin... but it's not the same...
I might just have to use vmware player and run a live distro while in Winblows but an encrypted tunnel would be much nicer.
If you guys have any more ideas then PLEASE don't hesitate so that I can try them....
Thanks for the assists.
Shouldn't you be doing your job when you're at work? If getting shell practice is job related I'm sure your boss wouldn't mind it if you installed vmware/virtualpc. Or ask for another PC to play with..
I have to ask though, why would an encrypted tunnel be nicer than a fully blown *nix install to play with? Sounds like you want to do something else besides getting "shell practice"?!? :confused:
Why not ask the admins.....they usually handle the setup of computers and the OS running them...at least I do.....I just don't allow users to say I want to run linux and set a linux box up....or install it on their WS....that would be a big no no...it's against the company's AUP....now if they approached me and said...hey I want to install a *nix box cause we could run this program and it would save us money blah blah blah....I would probably go for it.....cause some of our stuff is going web based anyway....OS doesn't matter
Quote:
This basically means that I can't use UNIX/Linux at work whatsoever then
Quote:
I really need shell access to practice, I installed Cygwin... but it's not the same...
Practice on your own network :D
Quote:
If you guys have any more ideas then PLEASE don't hesitate so that I can try them....
MLF
TCP Wrapper and SSH Port Forwarding for 1000 Alex.
I won't get into "what you need to do at job place" - the "contact your sysadmin to ask him about" was already stated. :)
Next, have a look at GNU httptunnel (actually you can install it from cygwin since it's in the package list) and you may even tunnel the ssh connection. The drawback - you need it both running on the server end and client end so you'll have to ask your shell provider to run it too (which I doubt they'll do) or... set up a httptunnel redirector at home computer.
The other possible "tunneling" software might be corkscrew - have a look here and on its homepage.
Final note - it might be easier to reason with your sysadmin, use a live-cd or vmware-install to get around with linux instead of wasting energy into 'getting around' - an aware sysadmin will get you. :) So, if you want to do the shell IRC-ing, do it from home and not at work. :)
What is setting up your own box on your home network with its own ssh server running on a commonly allowed port?
Quote:
da da da da da daaa (poor attempt at Jeopardy music)
I was thinking more along the lines of Twilight Zone..... :p
Quote:
That's a good idea.... I probably would be able to set up an ssh server at home on port 80 or something else just as common. One guy stated earlier that it might filter applications as well.
I guess we'll just have to see what happens once I set up a home machine.
Thanks for the help.
If there is good security gear ala IPS/IDS and such in place, the port will make no difference as the protocol filter will see the SSH negotiation. You can guess what happens next when the sec admin gets the alert. My advice would be to wear some body armor cause sec admins prefer aluminum bats.
--TH13
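The protocol-level check described in the post above, as an added example that is not part of the original thread: SSH peers exchange a cleartext identification string starting with `SSH-` (RFC 4253, section 4.2) before encryption begins, so a sensor can recognise SSH on any port. The flow records, field names and addresses are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: before any encryption, each side sends
# "SSH-<protoversion>-<softwareversion>[ <comments>]" CR LF in cleartext.
# A server may send other text lines first, hence MULTILINE.
SSH_ID = re.compile(
    rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: [^\r\n]*)?\r?\n", re.MULTILINE
)

def find_ssh_banner(first_bytes: bytes):
    """Return (protoversion, software) if the stream opens with an SSH
    identification string, else None. Only the first 1 KiB is examined."""
    m = SSH_ID.search(first_bytes[:1024])
    if m is None:
        return None
    return m.group(1).decode("ascii"), m.group(2).decode("ascii")

def flag_offport_ssh(flows, expected_ports=frozenset({22})):
    """Return one alert per flow that carries an SSH banner on a
    destination port where SSH is not expected."""
    alerts = []
    for flow in flows:
        banner = find_ssh_banner(flow["first_bytes"])
        if banner and flow["dst_port"] not in expected_ports:
            alerts.append({"src": flow["src"], "dst": flow["dst"],
                           "dst_port": flow["dst_port"],
                           "protoversion": banner[0], "software": banner[1]})
    return alerts

# Constructed flow records: first payload bytes seen on each TCP connection.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dst_port": 80,
     "first_bytes": b"SSH-2.0-PuTTY_Release_0.78\r\n"},
    {"src": "10.0.0.7", "dst": "198.51.100.4", "dst_port": 80,
     "first_bytes": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"},
    {"src": "10.0.0.8", "dst": "192.0.2.9", "dst_port": 22,
     "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
    # TLS record header: no cleartext banner for this check to match.
    {"src": "10.0.0.9", "dst": "203.0.113.20", "dst_port": 443,
     "first_bytes": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
]

if __name__ == "__main__":
    for alert in flag_offport_ssh(SAMPLE_FLOWS):
        print("SSH on unexpected port:", alert)
```

Only the first record is flagged: the banner match is independent of the port number, which is why moving the server to port 80 does not hide the protocol.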
Hence, my warning. ;) He would get that by me on my network. ;)
Quote:
Originally posted here by thehorse13
If there is good security gear ala IPS/IDS and such in place, the port will make no difference as the protocol filter will see the SSH negotiation. You can guess what happens next when the sec admin gets the alert. My advice would be to wear some body armor cause sec admins prefer aluminum bats.
--TH13
Now... maybe if he were to tunnel ssh over https on port 443...
http://dag.wieers.com/howto/ssh-http-tunneling/
If you can install software, put vmware player on and set it up to run a live cd. If you don't have the rights to install, you shouldn't even be asking these questions unless your goal is to be a carpenter, but having Auditor running on your box can be a lot more fun than a shell account, plus you can still do your work on windows.
hunterhunter, I know that your security admin wouldn't let you go with port 22 open. So why not try to tunnel by visiting this website? You will learn much about it.
Quote:
Originally posted here by hunterhunter
I figured that port 22 was blocked. That was obvious.
I was just thinking that I could set putty up to make the request over port 80. Thence my ssh tunnel would be entering through port 80, unobstructed.... I guess that I was wrong. The server that I'm trying to connect to must also be set to communicate through port 80 for ssh as well then.
At least, I think...
There's no way that the admins here will unblock ssh, simply, because we don't use it.
This basically means that I can't use UNIX/Linux at work whatsoever then :(....
I really need shell access to practice, I installed Cygwin... but it's not the same...
I might just have to use vmware player and run a live distro while in Winblows but an encrypted tunnel would be much nicer.
If you guys have any more ideas then PLEASE don't hesitate so that I can try them....
Thanks for the assists.
If you don't have unix or linux box, try this :
http://www.cyberknights.com.au/doc/P...ing-HOWTO.html
Have fun !
If you are still confused, this website explains more clearly how to configure it over port 80:
http://oldsite.precedence.co.uk/nc/putty.html
"TCP Wrapper and SSH Port Forwarding for 1000 Alex" -RoadClosed
There's your fix...
If it is using some form of filtering higher up in the OSI model, you're going to have to "wrap" the SSH negotiations in some form that is permitted thru the router. At this point if you're still wanting to continue, you'll go grab the help wanted section of the newspaper, and then probe the border perimeter to determine its characteristics (supported protocols, allowed ports, QOS, etc.)
It probably would be a better idea to just ask the admin, though....
Thanks for the ideas everybody.
I'll post back with some results shortly.
Regards
I cannot believe no one mentioned netcat...
Quote:
Originally posted here by zENGER
22 is SSH...
What you can do, is find a port that is open. Then set up a relay somewhere that listens on that port and forwards to port 22 on that host. Netcat can be used to do this.
This does require a host to do it on though.
VPN into home and then SSH from there??? ORRRRRR Remote Desktop into home then VPN from home...
Just a couple of thoughts
Nice ideas! :D What's a big deal! :rolleyes:
Quote:
Originally posted here by Spyrus
VPN into home and then SSH from there??? ORRRRRR Remote Desktop into home then VPN from home...
Just a couple of thoughts
If they block your port 22, why do they leave other ports open?
Some ports are required for everyday things. Examples are port 80 for web servers, port 25 for smtp or ports 20 and 21 for ftp. If you block these ports then you lose the service that uses that port.