POSTS

SSH Tunneling

Blog

I’ve long known about the technique of SSH Tunneling, but have always considered that a bit of security work that I never needed to do.

This is ignorant.

It’s that same voice that says “screw flossing” or “parking neatly between the lines”. It’s only through willful ignorance or a choice to ignore other data that you would choose not to do this, especially if you hop from public access point to point as I tend to do.

Most internet applications make use of sending their data on a given port. HTTP ( aka what browsers use to transmit data ) operates on port 80, SMTP ( used to send mail out from a non-web client ) uses port 25 outbound, POP and IMAP are used for mail client inbound ( ports 110 and 143, respectively ).

During the time a network transaction is active between the two points, data is flowing in discrete quanta between the two machines ( called packets ). These packets are not encrypted. If some nefarious person were to use a packet sniffer they could read the contents of the packets, assimilate them and turn.

My ob/gyn called…. …and it turns out that you have given … ….me some sort of rash …

Into an unpleasant intrusion into your privacy.

Think about it: inbound mail, outbound mail, IM, IRC chats, your Gmail content, your Yahoo! Mail content.

Why wouldn’t anyone ameliorate this if possible?

Laziness. And this is really the heart of intrusion testing: look for points where laziness or process have underpaced deployment and use that gap as exploit vector.

So I set up SSH tunnels for inbound mail, outbound mail, HTTP browsing and IRC. There are many GUI’s that will do this for you, but I found them too hard to use and chose instead to write a very quick-and-dirty shell script to kill old tunnels and restart them.

Obviously this code should be better abstracted made more flexible…but…I leave it to you to modify as you need.

#!/bin/bash # Kill all the old tunnels by grepping for SSH tunnel processes to my old # server. kill $(ps -auxwww|grep ssh|grep my_ssh_server|awk '{print $2}') # Start the tunnels ssh -f sgharms@my-ssh-server-account -L 2143:imap.mail.host.com:143 -N ssh -f sgharms@my-ssh-server-account -L 2025:smtp.mail.host:25 -N ssh -f sgharms@my-ssh-server-account -L 6667:irc.freenode.net:6667 -N # Start a SOCKS proxy to secure my web browsing