Skip to main content

SSH Tunnel for TCP ports

Recently I was TDY to Kadena AB, and the 18FSS there has some ridiculous rules for the base Internet, both in billeting, and anywhere they provide service across the base (like at the clubs, BX, etc).    Here's their idiotic restrictions:
1) They block any trusted DNS server... you have to use their router as a DNS server, and any port 53 queries to another (trusted) DNS server are blocked
2) They block all ICMP, so you can't traceroute your connection to see where it's going
3) They implement not just web proxying, but full TCP proxying... To get around #2 above, I tried to run a TCP traceroute, but they blocked this attempt by proxying, and disconnecting, my TCP scans.
4) They blocked my OpenVPN tunnel
5) They block MagicJack, which really got under my skin because I couldn't use it to call home
6) They blocked the email from Google, Yahoo, Comcast, GoDaddy, and Microsoft, which was on ports 993, 465, 25, etc.  
7) They blocked my access to the security cameras at home so I couldn't check on my house
8) Of course, they did dirty word/URL searches, and blocked any 'hacking' or numerous other sites.

Basically, they blocked anything not on port 80 or 443, and even those ports were proxied and filtered.   This is just unacceptable.  I complained, as I suggest anyone who visits should.  

How could one get around such an incredulous setup?  SSH to the rescue.  SSH didn't work for my OpenVPN VPN, as I have a UDP VPN, and I'd have to get a UDP to TCP setup using socat or something, which I didn't have set up before I left, so I was screwed for my UDP OpenVPN VPN.   

However, for TCP connections, you can proxy all connections to your local box, and push them through a SSH tunnel, where they'd jump off from your ssh server and go back to their normal port.  So let's say my OpenVPN VPN tunnel was a TCP vs UDP tunnel.  Then the command for this is:

#ssh root@dns-of-choice.org -p 443 -L 1194:localhost:1194 (port:host:hostport, if you want to change ports)

I could then build a TCP tunnel to myself on the localhost port 1194, and fire up my tunnel.  It would go outbound on port 443 to my ssh server, where it would get turned back to 1194 and sent to the destination VPN server.   

If you wanted to have SSH tunnel from the Remote host to the Local host instead of the other way around, the command would be:

#ssh root@dns-of-choice.org  -p 443 -R port:host:hostport  

Comments

Popular posts from this blog

ADS-B plotting with Kali (and other SDR goodies)

Recently I wanted to try some Software Defined Radio stuff.   
I had a RTL-SDR, FM+DAB, DVB-T USB Stick Set with RTL2832U & R820T. that I got from: http://www.amazon.com/gp/product/B00C37AZXK/ref=oh_details_o04_s00_i00?ie=UTF8&psc=1
But, even though this dongle would break out FM radio stations, and ATC frequencies (like the local Ground Control, tower, and even ATIS), which was cool, it wouldn't break out ADS-B.   
Thus, I bought a Vantech Green Mini RTL2832U R820T DVB-T SDR DAB FM USB DIGITAL TV Tuner Receiver RTL-SDR Project + DAB dongle Tuner MCX Input from Amazon, and tried this.  
This dongle was able to listen to the 1090MHz frequency required for ADS-B (as it goes from 25MHz to 1700MHz).  There were tons of Windows programs out there for breaking out and plotting ADS-B Mode S broadcasts, but not many for Linux.  
For Kali Linux, here's how I got it running and plotting planes around my home:
0) before you start, you should do an apt-get update to ensure you hav…

Beaglebone Black as a Wireless Intrusion Detection System (WIDS)

Recently I have been wanting a wireless IDS (WIDS) to detect nefarious wifi activity.  I also had a Beaglebone Black hanging around that I wanted to put to good use.   This seemed like a perfect match, and indeed it seems to be so!

I did some research on WIDSs, and although there is SUPPOSED to be several out there, nearly all that I seemed to find was commercial and Windows-based products, not something I could use myself.   
About the only exception to that rule was Kismet, so I decided to give that a try.  Kismet is supposed to work as a WIDS, and per its documentation should catch the following attacks:
Kismet supports the following alerts, where applicable the WVE (Wireless Vulnerability and Exploits, www.wve.org) ID is included: AIRJACKSSID Fingerprint Deprecated The original 802.11 hacking tools, Airjack, set the initial SSID to 'airjack' when starting up. This alert is no longer relevant as the Airjac…

Temper Temperature monitor on a Beaglebone Black

Beaglebone Black as a temperature monitor:

Recently I wanted to monitor the temperature of my shed.  I thought I'd use a small computer such as a Raspberry Pi or a Beaglebone or Odroid.

My Raspberry Pi boxes were all in use, so I grabbed my Beaglebone, which was doing nothing.

I flashed it with the Debian9.32018-03-054GB SDIoTimage, but that seemed like it was running lots of bloatware and the ethernet interface wouldn't take a static IP with /etc/network/interfaces.

So I went with the Debian9.32018-01-284GB SDLXQTi image instead.  I still had the same problem, that lots of junk was running, and I couldn't configure my interface by modifying /etc/network/interfaces

So my first step was to get rid of all the bloatware.  If you're using a Raspberry Pi or something, you can skip this and just go to the second step below

STEP 1--Remove Blotatware from Beaglebone Black:

With some searching, I came across this post:
https://www.linuxquestions.org/questions/linux-newbie-8/inte…