12-04-2009, 09:08 PM
Tudod Ki

two questions about ssh tunneling

if I:

ssh -fND localhost:6000 somebody@192.168.56.5 -p PORTNUMBER

from computer "A" to computer "B" [B = 192.168.56.5] then I can set the SOCKS proxy for e.g.: Firefox to use "localhost:6000" on computer "A". Ok. I can surf the web through "B".

But:
- Can anyone sniff the traffic of "A"? [e.g.: computers on same subnet as "A"] Like DNS requests? - I think no, but I'm not sure :O

- Can anyone sniff the traffic of computer "B"? e.g.: B computer is at a server farm [others in the farm can see the traffic?] - I think yes, but I'm not sure :O
 
12-04-2009, 09:13 PM
Tyler MacDonald

Tudod Ki <tudodki88@yahoo.com> wrote:
> if I:
>
> ssh -fND localhost:6000 somebody@192.168.56.5 -p PORTNUMBER
>
> from computer "A" to computer "B" [B = 192.168.56.5] then I can set the SOCKS proxy for e.g.: Firefox to use "localhost:6000" on computer "A". Ok. I can surf the web through "B".
>
> But:

> - Can anyone sniff the traffic of "A"? [e.g.: computers on same subnet as
> "A"] Like DNS requests? - I think no, but I'm not sure :O

I believe when you use SOCKS, your browser stops doing DNS resolution and
just hands the hostnames directly to the SOCKS server. So all they would be
able to sniff is your encrypted SSH session, which they (hopefully) can't
decrypt.

> - Can anyone sniff the traffic of computer "B"? e.g.: B computer is at a
> server farm [others in the farm can see the traffic?] - I think yes, but
> I'm not sure :O

Yes, that's possible. However, in most colocated environments, you are on
a switch, not a hub -- so in that case, the attacker would have to be
sniffing directly from a router to see your traffic. If you want to know for
sure, ask your ISP.

- Tyler
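
Added example, not part of the thread: whether DNS stays inside the tunnel shows up in the SOCKS request the browser sends to localhost:6000. A hostname (SOCKS5 address type 0x03, or SOCKS4a) is resolved on "B"; an IP address means the name was looked up on "A" outside the tunnel, or was typed as a literal. In Firefox this is governed by the network.proxy.socks_remote_dns preference. The function name and sample bytes below are constructed for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types


def classify_socks_request(data: bytes) -> dict:
    """Parse a SOCKS4/4a/5 CONNECT request; report where the name was resolved."""
    try:
        ver = data[0]
        if ver == 5:                      # VER CMD RSV ATYP DST.ADDR DST.PORT
            atyp = data[3]
            if atyp == ATYP_DOMAIN:       # hostname travels to the proxy
                end = 5 + data[4]
                host, resolver = data[5:end].decode("ascii"), "proxy"
            elif atyp in (ATYP_IPV4, ATYP_IPV6):
                end = 4 + (4 if atyp == ATYP_IPV4 else 16)
                # An IP here means local resolution (or a typed IP literal).
                host, resolver = str(ipaddress.ip_address(data[4:end])), "client"
            else:
                raise ValueError(f"unknown ATYP {atyp:#x}")
            (port,) = struct.unpack("!H", data[end:end + 2])
        elif ver == 4:                    # VN CD DSTPORT DSTIP USERID NUL [HOST NUL]
            (port,) = struct.unpack("!H", data[2:4])
            ip, fields = data[4:8], data[8:].split(b"\x00")
            if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a marker 0.0.0.x
                host, resolver = fields[1].decode("ascii"), "proxy"
            else:
                host, resolver = str(ipaddress.ip_address(ip)), "client"
        else:
            raise ValueError(f"not a SOCKS request (version byte {ver})")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated SOCKS request") from exc
    return {"version": ver, "host": host, "port": port, "dns_resolved_by": resolver}


# Constructed sample requests (not captured traffic); 192.0.2.10 is a documentation address.
SAMPLES = {
    "socks5_hostname": b"\x05\x01\x00\x03\x0bexample.com" + struct.pack("!H", 443),
    "socks5_ipv4": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443),
    "socks4a_hostname": b"\x04\x01\x00\x50\x00\x00\x00\x01user\x00example.com\x00",
    "socks4_ipv4": b"\x04\x01\x00\x50" + bytes([192, 0, 2, 10]) + b"user\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_socks_request(raw))
```

A "client" result for a hostname the user typed means a cleartext DNS query left "A" and was visible on its subnet.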



 
12-04-2009, 09:31 PM
Tudod Ki

But what's with the CAM attack?

http://en.wikipedia.org/wiki/CAM_Table#Attacks

They could attack a switch, and it will act as a hub? And then they can set promiscuous mode on their cards and sniff.

 
12-04-2009, 09:35 PM
Tyler MacDonald

Tudod Ki <tudodki88@yahoo.com> wrote:
> but what's with cam attack?
>
> http://en.wikipedia.org/wiki/CAM_Table#Attacks
>
> they could attack a switch, and it will act as a hub? and then they can
> set promiscuous mode on their cards and sniff

Hmm. I didn't know about that one! I suppose it's possible. Of course, if
you were in promiscuous mode as well, you'd probably start getting other
systems' packets and would immediately know that an attack was underway.
Unless the attack was on a router a few hops upstream from you.

I guess the only way to know for sure is to know your ISP's network
topology...

- Tyler
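
Added example, not part of the thread: the observation above, that a promiscuous-mode host would start receiving other systems' packets, written as a check over captured Ethernet frames. A host on a healthy switch port sees frames for its own MAC, broadcast and multicast, plus the occasional flooded unknown-unicast frame; a sustained share of unicast frames for other MACs suggests the switch is flooding. The threshold values, function names and frames are assumptions constructed for illustration.

```python
from collections import Counter

BROADCAST = b"\xff" * 6


def classify_frame(frame: bytes, my_mac: bytes) -> str:
    """Classify an Ethernet frame by its destination MAC (first 6 bytes)."""
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:            # I/G bit set: group (multicast) address
        return "multicast"
    return "mine" if dst == my_mac else "foreign_unicast"


def flooding_suspected(frames, my_mac, threshold=0.2, min_frames=10):
    """Return (suspected, foreign_ratio, counts) for one capture window.

    threshold and min_frames are assumed tuning values, not standards.
    """
    counts = Counter(classify_frame(f, my_mac) for f in frames if len(f) >= 14)
    total = sum(counts.values())
    ratio = counts["foreign_unicast"] / total if total else 0.0
    return (total >= min_frames and ratio > threshold), ratio, counts


def frame(dst: str, src: str) -> bytes:
    """Build a constructed Ethernet II header (IPv4 ethertype) plus dummy payload."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + b"\x08\x00" + b"\x00" * 46


# Constructed captures; all MACs are locally administered placeholders.
ME, H2, H3, GW = "020000000001", "020000000002", "020000000003", "0200000000fe"
HEALTHY = [frame(ME, GW)] * 8 + [frame("ffffffffffff", H2)] * 3 + [frame(H3, GW)]
FLOODED = [frame(ME, GW)] * 5 + [frame("ffffffffffff", H2)] * 2 \
    + [frame(H2, GW)] * 7 + [frame(GW, H3)] * 6

if __name__ == "__main__":
    for label, capture in (("healthy", HEALTHY), ("flooded", FLOODED)):
        suspected, ratio, counts = flooding_suspected(capture, bytes.fromhex(ME))
        print(f"{label}: suspected={suspected} foreign_ratio={ratio:.2f} {dict(counts)}")
```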


 

All times are GMT.