lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: RE: By passing surf control


The method I used to skip a bastion was (while still using HTTPS "CONNECT")
to run pppd in inetd on 443/tcp ... then all you need to do is run the ppp client 
over the "telnet" session and you can fully route one organisation through 
another.  At the time I used cotty to dup the tty at the client, but netcat should
be better for this now.


----- Original Message -----
>From: "Otero, Hernan         (EDS)" <HOtero@...chile.cl>
>To: "Kudakwashe Chafa-Govha" <KChafa-Govha@...kunitedfla.com>, "'pen-
test@...urityfocus.com'" <pen-test@...urityfocus.com>
>Subject:  [Full-Disclosure] RE: By passing surf control
>Date: Wed, 25 Feb 2004 19:05:26 -0400
>
> That is very easy if you can have a machine in the net with ssh server...
> 
> With a standard proxy that support CONNECT METHOD (Typically HTTPS
> connections) using putty and a ssh server listening in port 443 you can
> forward any port via tunneling.
> 
> Look at your logs looking for an endless HTTPS connection..., with tons of
> traffic.
> 
> Regards,
> 
> Hernán
> 
> -----Original Message-----
> From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha@...kunitedfla.com] 
> Sent: Miércoles, 25 de Febrero de 2004 17:04
> To: 'pen-test@...urityfocus.com'
> Subject: By passing surf control
> 
> Hello Group,
> 
> 
> Does anyone have any information on how to by pass a web content filter? We
> use Surf Control to monitor and filter web content. However, I have one of
> my users who was able to by pass this. We tried using a proxy to by pass
> just for testing purposes but it did not work. I am still trying to figure
> out what other method he used to do so. If anyone has any information , it
> will be greatly appreciated.
> 
> Thanks
> 
> Kuda
> 
> ****************************************************************************
> **********************
> The contents of this email and any attachments are confidential.
> It is intended for the named recipient(s) only.
> If you have received this email in error please notify the system manager or
> the 
> sender immediately. Unless you are the intended recipient or his/her
> representative 
> you are not authorized to, and must not, read, copy, distribute, use or
> retain this 
> message or any part of it. 
> ****************************************************************************
> **********************
> 
> 
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ