[TriLUG] blocking outbound port 22

tj via TriLUG trilug at trilug.org
Thu Oct 8 10:52:49 EDT 2015 

I am moving to XXXX port number for my ssh box due on many scanner are
banging the door and tries  wellknown existing vunerabilities.
one surprise for me was: most IPSs were coming from china :D.

luckily at work, they do not block  22 or unknown ports as now.
I have no Idea on the new building  since we have to move  totally 100% at
the end of this month. they mentioned to strengthen firewall and blocking
unneeded ports. I would see..

On Thu, Oct 8, 2015 at 10:44 AM, Matt Flyer via TriLUG <trilug at trilug.org>
wrote:

> This sounds like a perfect place to test the application Corkscrew:
>
> http://www.techrepublic.com/blog/linux-and-open-source/using-corkscrew-to-tunnel-ssh-over-http/
>
> " If you are in an environment that disallows the use of SSH and forces
> the use of an HTTP proxy, it is possible to use that HTTP proxy as a
> transport for SSH."
>
> I worked at a place that was absurdly totalitarian with regards to their
> web proxy.  As a design engineer I would frequently research technical
> information and they would even block categorically university sites,
> where you can get a lot of technical papers, as "educational sites
> prohibited".
>
> Using SSH to tunnel out of there was the quick and obvious answer.
>
> Blocking port 22 simply makes the case for moving SSH to a non standard
> port, the old security through obscurity line.
>
> > port ssh , can be easily used for tunneling
> >
> > I think, web proxy is in the blacklist for security reason.
> >
> > On Wed, Oct 7, 2015 at 5:22 PM, Ken Mink via TriLUG <trilug at trilug.org>
> > wrote:
> >
> >>
> >>
> >> Sent from my iPhone
> >>
> >> > On Oct 7, 2015, at 16:52, Wes Garrison via TriLUG <trilug at trilug.org>
> >> wrote:
> >> >
> >> > I ran into a situation today I've never seen before.
> >> >
> >> > I was working at an engineering firm and their IT guy had all outbound
> >> > traffic on port 22 blocked.
> >> >
> >> > Is there any sane reason to do this?
> >> >
> >> > I can't think of any reason to block SSH, but maybe I'm missing
> >> something.
> >> >
> >> > -Wes
> >>
> >> Sure, internal security policies. One place I worked had ALL outbound
> >> traffic blocked. The only way out was web proxy, which also had quite
> >> the
> >> blacklist.
> >>
> >> Ken
> >>
>
> --
> This message was sent to: fendy <bimasakti at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/bimasakti%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>

More information about the TriLUG mailing list