[TAG] Question on how to block a ssh host from being used as a Socks proxy
Suramya Tomar
security at suramya.com
Fri Oct 19 02:51:16 MSD 2007
Hey Everyone,
I have been using a SOCKs proxy via SSH (using port tunneling [1]) to
browse the net from unsecure locations and it works great.
However I have noticed that when I connect to certain hosts I am
unable to use the connection as a SOCKS proxy and I was wondering how
these hosts were configured to do this. It seems like a good feature to
have on servers that I configure. Are there any disadvantages to this
setup that I am missing?
I have tried looking for a solution online but I guess I am not asking
the right questions because I didn't find anything useful. So any
idea's/suggestions on what/where to look?
Thanks in advance.
- Suramya
[1] To set up a SOCKS proxy using SSH from a windows system follow these
steps:
Open PuTTY. You should be greeted with a configuration screen. First,
you will enter the hostname or IP address of the SSH server. Type in a
name for your connection settings in the box below ?Saved Sessions?, and
click the Save button.
Now you need to look at the tree of options to the left; expand the SSH
tree, and select ?Tunnels?. Enter 4567 (or any port number above 1024)
in the Source Port area, and click the Dynamic radio button to select
it. Leave the Destination field blank, and click ?Add?.
Now go back to the Session tree (very top of the left section), and save
again. You will be prompted to enter a username, which is the username
of your shell account. Type that in, hit enter, and then type in your
password when it prompts you.
In your browser change the proxy setting to localhost and the port you
used earlier and you can browse the net safely.
--
-------------------------------------------------
Name : Suramya Tomar
Homepage URL: http://www.suramya.com
-------------------------------------------------
************************************************************
Disclaimer:
Any errors in spelling, tact, or fact are transmission errors.
************************************************************
More information about the TAG
mailing list