On Sun, 14 Dec 2008, Asheesh Laroia wrote:

quoted text
> On Mon, 15 Dec 2008, Nix wrote:
>
>> On 14 Dec 2008, Jakub Narebski spake thusly:
>>> BTW. is outgoing SSH transport (from network to outside) blocked as well?
>> 
>> *No* ports are open. All they have is a (non-transparent) buggy HTTP proxy. 
>> These guys really don't get the Internet, despite their sales literature 
>> banging on endlessly about it.
>
> If that's the only way you can access the network, you can take advantage of 
> the way HTTP proxies deal with HTTPS: they typically let it through byte for 
> byte.
>
> "connect.c is the simple relaying command to make network connection via 
> SOCKS and https proxy. It is mainly intended to be used as proxy command of 
> OpenSSH."
>
> Run sshd on port 443, use connect.c, and you're set.
>
> (Except for some really smart SSL-aware HTTP proxies that verify that it's an 
> SSL connection of some kind.  In theory, you could then sslwrap your sshd and 
> then be set.)

although, if the company is doing this as a deliberate security measure 
(as opposed to not knowing what they are doing), setting up a bypass like 
this can get you fired for deliberatly bypassing a security device.

also, examples of people going to this sort of effort to bypass security 
policies end up with employees being trusted less.

you are far better off going through channels and discussing what you are 
trying to do and why.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html