As you can see, setting up such tunnels does not requires advanced skills, especially with the recent Linux distributions which come with pre-installed and pre-configured ssh servers.
With a little more skills, it is possible to tunnel just about everything into everything. For example, it is possible to tunnel PPP into HTTP, providing a full IP-stack tunnelling, including ICMP (ping...), DNS and servers (backward tunnels).
Opensource and commercial VPN solutions also come into mind.
See references for programs and papers about firewall bypassing below.
Security is not only a matter of firewall configuration, it must be seen at a larger scale. Do not rely on the firewall alone.
Censorship bypassing should not be only considered as a terrorist or hacker weapon, but also as tools for privacy, free speech, democraty and human rights protection
List Of Software About Tunneling and Firewall/Proxy/Censorship Bypassing: ALL NETWORKS
ProxyTunnel : http://proxytunnel.sourceforge.net
TCP-into-HTTP(S) tunneling program ; requires the HTTP proxy to accept the CONNECT command.
SSH Tunnelling howto : http://proxytunnel.sourceforge.net/p...et-200204.html
Instructions for TCP-into-HTTP tunnelling using SSH and ProxyTunnel.
Bypassing internet censorship : http://www.zensur.freerk.com
Ways to bypass censorship, using various technics.
How to Bypass Most Firewall Restrictions and Access the Internet Privately : http://www.buzzsurf.com/surfatwork/
Document on firewalls bypassing and tunnelling.
Breaking Firewalls with OpenSSH and PuTTY : http://souptonuts.sourceforge.net/sshtips.htm
Using putty and OpenSSH when the firewall allows port 22 in.
The enemy within: Firewalls and backdoors : http://www.securityfocus.com/infocus/1701
Article about firewalls and security.
GNU HTTP Tunnel : http://www.nocrew.org/software/httptunnel.html
Opensource TCP-into-HTTP tunnelling.
PlugDaemon : http://www.taronga.com/plugdaemon/
TCP port forwarder with HTTPS proxy support.
OpenSSH : http://www.openssh.com
Opensource ssh client and server.
OpenSSH for Windows: http://sshwindows.sourceforge.net/
Windows version of OpenSSH. (The server only works under 2000/XP, but a 9x version is planned.)
OpenVPN : http://openvpn.sourceforge.net/
Excellent, secure and flexible opensource SSL-based VPN program. Can work over UDP, TCP or even HTTP trough proxies.
http://sixy.ch/tags/freehttp://ietf.org/rfc/rfc3093.txt
So-called Firewall Enhancement Protocol (FEP).
DesProxy : http://desproxy.sourceforge.net
Allows to make direct TCP connections through HTTP proxy which accept the CONNECT command. Does not require external server as in our solution above.
TransConnect: http://transconnect.sourceforge.net
Uses the CONNECT proxy HTTP command to make direct connections to the internet.
CorkScrew: http://www.agroman.net/corkscrew/
Tunnels SSH traffic through HTTP proxies.
HTTP Bridge: http://httpbridge.sourceforge.net
A CGI-based secure HTTP proxy written in Java. Requires Tomcat.
PsiPhon: http://psiphon.civisec.org/
Password-protected HTTP proxy server designed to circumvent censorship.
HTTP Proxy Lib: http://httppc.sourceforge.net
A library to add TCP-into-HTTP capability to your programs.
STunnel: http://stunnel.mirt.net
Generic TCP-into-SSL wrapper.
STunnel: http://www.stunnel.org
Generic TCP-into-SSL wrapper.
SSLProxy: http://www.obdev.at/products/ssl-proxy/
Generic TCP-into-SSL wrapper. No longuer maintained (Authors recommend STunnel instead).
TLSWrap : http://tlswrap.sunsite.dk
TLS/SSL wrapper/proxy for FTP.
HTTP Tunnel : http://www.http-tunnel.com
Commercial encrypted TCP-into-HTTP tunnelling service. Low-bandwith free service available.
HTTP Tunnel : http://http-tunnel.sourceforge.net/
Opensource SOCKS proxy capable of tunnelling traffic through HTTP proxies. Client and server provided. Server can run standalone (perl) or on a hosted server (php).
HTTPort : http://www.htthost.com
Commercial TCP-into-HTTP tunnelling service (encrypted).
BarracudaDrive : http://barracudaserver.com/products/...e/MxTunnel.lsp
Free TCP-into-HTTPS tunnelling server with HTTP proxy support (command-line java client), including a web-based file manager, web-based chat and graphical file transfer java client.
Hamachi : http://hamachi.cc/
Free and simplified UDP-based VPN solution capable of traversing NAT firewalls.
Your-Freedom : http://www.your-freedom.net/
Free TCP-into-HTTP tunnelling service. Additional sevices are not free.
Socks via HTTP : http://lightbox.ath.cx/socks/
A SOCKS proxy which tunnels all traffing into HTTP requests. Can also tunnel static ports. Client and server provided. Written in Java.
Zebedee : http://www.winton.org.uk/zebedee/
Opensource cross-plateform TCP/UDP-into-SSL tunnel.
Socks2HTTP : http://www.totalrc.net
Commercial Socks proxy which tunnels TCP and UDP into HTTP.
SSL Explorer : http://www.sshtools.com/products/ent...l-explorer.jsp
TCP-into-HTTPS tunnelling and more. The clients only requires a Java-enabled browser.
Tunnelier : http://www.bitvise.com/tunnelier.html
Commercial (free for personal use) SSH client for Windows with easy tunnelling features, graphical SFTP client, FTP-to-SFTP bridge, etc.
nph-proxy : http://www.jmarshall.com/tools/cgiproxy/
Free CGI-based HTTP proxy, capable of HTTPS proxying and URL obfuscation. Perl source code provided.
For more information, see:
http://directory.google.com/Top/Comp...ernet/Privacy/
http://directory.google.com/Top/Comp...vate_Networks/
Tunnelling projects on SourceForge.net: http://sourceforge.net/search/?words=tunnel
No comments:
Post a Comment