[SATLUG] Blocked ports on college campus

Jon Mark Allen jm at allensonthe.net
Tue Oct 21 15:24:00 CDT 2008


On Tue, Oct 21, 2008 at 15:07, Brad Knowles <brad at shub-internet.org> wrote:
> John Pappas wrote:
>
>> I am not surprised that they block SSH.  That port makes it nearly trival
>> to
>> bypass any perimeter security.  I use it all the time to tunnel to my
>> personal squid proxy so that I can have unfettered/unmonitored web access.
>> I usually do not need the other ports, as I try to keep all my services
>> web-accessible.  If I do need other things, I use SSH to tunnel NX to my
>> systems, then use the apps from there.
>
> The OP should show them ssh over DNS.
>
> Unless they want to completely and totally block all traffic into or out of
> their network, there *IS* a way to set up a proxy and completely by-pass any
> port restrictions they may set up.
>
> --
> Brad Knowles <brad at shub-internet.org>

of course.  with that argument, though, why not just remove all
firewalls and give everyone unfettered access to all your internal
servers, too?  After all, they're going to get in anyway, right?

There is *always* a way.  It's the admin's job to make it harder.
Hopefully hard enough that any miscreants will try someone else's
network instead.

-- 
JM

/* If you haven't found something strange during the day, it hasn't
been much of a day.
-- John A. Wheeler */


More information about the SATLUG mailing list