This article I copied for my personal reference since I tend to forget things such as names, addresses, SSH Tunnel configurations, severe acts of nature and so on…
Concerning Tunnels:
A tunnel is usually an underground passage from one place to another. Why is there a reason to go through a tunnel instead above ground I can’t really answer in general, but I sure know why I have to use tunnels in my daily IT routines.
The tunneling allows me to deliver payload securely and also allows me to access resources that are otherwise restricted from my location.
The example below demonstrates the setup of an SSH Tunnel that is used for simple internet browsing.
Microsoft Windows 2000/XP/2003/Vista
When using Microsoft Windows operating systems I create SSH Tunnels using Putty.
1. Connect to an SSH server using Putty.
In this example I am using the hosting for this website.
2. Right click on the SSH Toolbar and select “Change Settings…”
3. On the newly opened windows select Connection >> SSH >> Tunnels. Type in the source port the number “80″. This number is simply an example and you must feel free to use any appropriate port number on your host.
In the destination text box type “localhost” and select the radio button “Dynamic”.
4. Click Add and add other ports if you might need them for some purpose. You should see your Port forwarding rule added as D80 if you have used the above settings. Once you added the port forwarding, apply the change.
Your tunnel is now ready. You can check this with telnet for example.
Linux/Mac OSX/UNIX
Under Linux the configuration is quite simplified compared to windows so no screen shots are neccessary.
Open a terminal and connect to the remote ssh server/host with the following command:
host# sudo /sbin/ssh -p22 -D 80 user@unix.soteks.com
Follows the browser configuration. It is similar config in most operating systems and browsers.
5. In Mozilla (quite similar in IE) open the Options or Properties of the browser. Navigate to Network and select Settings.
6. Select Manual Proxy configuration. Under the SOCKS Host type localhost and for port number put 80. Select SOCKS v.5. Click OK.
Once the above is completed successfully. All of your firefox traffic is being tunneled through the ssh connection that you have done so all the traffic is encrypted.
In addition to such setup I usually use the extra feature to forward by DNS requests through the tunnel too. This is a good idea if your DNS queries are being logged. To do this simply type about:config in the address bar of Firefox and in the filter line search for dns. Find the value network.proxy.socks_remote_dns and change the value to true.
7. In the address tab of firefox type about:config. In the Filter box search for DNS
It is considered a crime to use the above to get to your Friendface websites.
Enjoy.
It’s about 3:45 pm and you’ve just beaten your old Tetris high score. The end of the work day is within sight, with little over an hour to go. Suddenly, your middle-management of a boss rolls into your office. It seems the guys down in IT taddled on you. “newgrounds.com? wildbestiality.com? Gamer Gaiden? These are not resources pertinent to your duties with this company.” Busted. Maybe you should’ve made monster.com a hit on your list, because the unemployment line doesn’t offer a T1 line to pass the time.
Today’s little soiree is dedicated to misuse of company resources. I’ve had a few jobs in my time, both back-breaking and lazy. The most money I’ve ever been paid are by people who want what I know, not what I do. Since that’s not as much as people think, I rarely spend 40 hours a week dedicated to productive work. When one sits in an office, one has a computer, and often an Internet connection. Human nature dictates that such resources be used for chatting, porn, and flash games. Companies know this. However, they want you to use this time productively. We have a conflict of interests. If you aren’t being outright blocked, you probably at least have someone who is paid more then you to sit on the Internet, chatting, watching porn, and playing flash games, who will occasionally look up what you’ve been doing and tell your boss.
These articles here are going to be about setting yourself up with a little privacy. Article one is about a tool called a tunnel, which sends data from point A to point B without anyone inbetween being able to make out what it says. All they know is that “something” is going to point B. Ideally, point B is an area you control, not the geeks down the hall, and so they can’t check up on or control it. From point B, the data rushes off into the internet like little fairies on mushrooms, as is the natural state of data. You will need a point B, being a SSH server that you can log into. This article doesn’t cover setting up the server. You’ll have to wait on that, or hit up the wide internet. I have one running on my router at home.
- You’ll need to download PuTTY. Just the putty.exe file is plenty. It doesn’t require installing, so you don’t need administrator rights on your machine to run it. Save that somewhere out of the way, perhaps on a thumbdrive or somewhere not right on your Desktop in plain view.
- Open Notepad, and create a one-line batch file:
putty -D 8080 -P p# -ssh ip# - Replace p# with the port number of your SSH server and ip# with the IP address. Save this as putty.bat in the same directory as putty.exe.
- Open your browser, and go to whatismyip.com. This number is your office’s IP, or something remotely to that effect.
- Run putty.bat. It’ll ask you for a username and password, then sit idly. After you login, your tunnel is open. You can close the tunnel at any time by typing exit.
The tunnel, by itself, isn’t going to do the job for you. Each program has to be told about the tunnel, which is done via proxy settings. They’re in different places in every program, and even in different versions of different programs. For example, in Internet Explorer 6.0, you go to the Tools menu > Internet Options. Choose the Connections tab and press LAN Settings at the bottom. Under Proxy Settings, check the box to use a proxy server. Enter the IP address as 127.0.0.1, and the port number as 8080. This basically says to use this computer as the proxy, where it’ll see your lovely tunnel, and run with it. The port 8080 was set with our “-D 8080″ part of our putty.bat file.
With your proxy settings set, again go to whatismyip.com, and check that the IP has changed. Chances are, this’ll be your SSH server you logged into, or something on its network, but more importantly, not the number it was last time you checked. This is a sign that your tunnel is in use, and your browsing habit reports are being slimmed down to “stuff’s going somewhere”.
Now, so long as they don’t get the impression you’re secretly sending company data in large quantities to your home, all should be well.
- If you find your company blocking lots of port numbers, set both the SSH server and your p# in putty.bat to something they wouldn’t block. Port 80 is used for plain web traffic, and so they can’t block it outright. Usually, though, the default of 22 isn’t blocked.
- Don’t actually use this for anything illegal. There, I said it. Last thing ol’ Axel needs is jail time. My ass is too sensitive for prison sex. As always, I’m not responsible for your stupidity. This isn’t super-level security and the big boys know how it works too.
