| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200402260134.i1Q1YxQ05107@singularity.tronunltd.com> From: Ian.Latter at mq.edu.au (Ian Latter) Subject: RE: By passing surf control The method I used to skip a bastion was (while still using HTTPS "CONNECT") to run pppd in inetd on 443/tcp ... then all you need to do is run the ppp client over the "telnet" session and you can fully route one organisation through another. At the time I used cotty to dup the tty at the client, but netcat should be better for this now. ----- Original Message ----- >From: "Otero, Hernan (EDS)" <HOtero@...chile.cl> >To: "Kudakwashe Chafa-Govha" <KChafa-Govha@...kunitedfla.com>, "'pen- test@...urityfocus.com'" <pen-test@...urityfocus.com> >Subject: [Full-Disclosure] RE: By passing surf control >Date: Wed, 25 Feb 2004 19:05:26 -0400 > > That is very easy if you can have a machine in the net with ssh server... > > With a standard proxy that support CONNECT METHOD (Typically HTTPS > connections) using putty and a ssh server listening in port 443 you can > forward any port via tunneling. > > Look at your logs looking for an endless HTTPS connection..., with tons of > traffic. > > Regards, > > Hernán > > -----Original Message----- > From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha@...kunitedfla.com] > Sent: Miércoles, 25 de Febrero de 2004 17:04 > To: 'pen-test@...urityfocus.com' > Subject: By passing surf control > > Hello Group, > > > Does anyone have any information on how to by pass a web content filter? We > use Surf Control to monitor and filter web content. However, I have one of > my users who was able to by pass this. We tried using a proxy to by pass > just for testing purposes but it did not work. I am still trying to figure > out what other method he used to do so. If anyone has any information , it > will be greatly appreciated. > > Thanks > > Kuda > > **************************************************************************** > ********************** > The contents of this email and any attachments are confidential. > It is intended for the named recipient(s) only. > If you have received this email in error please notify the system manager or > the > sender immediately. Unless you are the intended recipient or his/her > representative > you are not authorized to, and must not, read, copy, distribute, use or > retain this > message or any part of it. > **************************************************************************** > ********************** > > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Ian Latter Internet and Networking Security Officer Macquarie University
Powered by blists - more mailing lists