Author: admin@labtinker.net

30 July 2020

Fragmentation

I think the joy of tinkering is that you don’t have to do anything earth-shattering but just messing around can bring home elements you grasp theoretically or only get chance to see or work on occasionally in the wild. This post is a little ropey as it was never intended for publication, but it’s been a thin few weeks as I’m so-say studying for a […]

5 July 2020

Securing SFTP?

I recently came upon a situation where there was a request to allow an SFTP connection out to the Internet for secure file transfer. My previous posts have been concerned with stopping SSH tunnels on non-standard ports but some may have viewed this as an academic exercise as most enterprises insist outbound connections are made through a proxy server. A proxy understands HTTP (including HTTPS […]

20 June 2020

Checkpoint and non-std SSH

Herein is the last in the series of how firewalls can be configured to block applications running on non-standard ports, specifically ssh. Today’s firewall vendor is the venerable Checkpoint and once more for the purposes of the lab I will reluctantly direct more moolah to Jeff Bezos’ bulging coffers by selecting the appropriate device from the AWS marketplace. Initially, I chose this… …and it took […]

17 June 2020

Cisco and non-std SSH

In a series only midly less compelling than GoT we see how the Cisco ASA firewall fared in stopping ssh over non-standard ports. (Spoiler alert: this lab did not go well) SPOILER ALERT: I didn’t get this working and this post descends into a mild rant on ASAs in AWS. I did get it working in this post: Cisco Once again I headed to the […]

5 June 2020

Fortigate and non-std SSH

In the previous post we saw how a Palo Alto fared in blocking applications running on non-standard ports and in this one we’re going to try the same exercise with a Fortigate firewall. Once again, I don’t have a physical Fortigate firewall to hand so used one in the AWS Marketplace: On the following firmware version: I used the same topology as I did with […]

23 May 2020

Palo Alto and non-std SSH

Initially, I wanted to explore the ways that different models of Next Generation firewalls defeat (or not) the simple tunnelling scenario of the previous labs (see ‘SSH forwarding’). In fact, I didn’t really get much further than looking at running applications on non-standard ports but it shows a little of the application awareness abilities of a next-gen firewall, in this case a Palo Alto. As […]

8 May 2020

SSH Forwarding (Part 2)

Again nothing earth-shattering here, a simple exercise building on the previous post. What do we want to do? This time we want to build a tunnel from a Windows host to a Linux one using the ssh utility Putty and then connect back to the Windows host down the tunnel using a remote desktop program. The Lab Setup You’ll notice the employment of the same […]

2 May 2020

SSH Forwarding (Part 1)

SSH Remote Forwarding It’s not news to a lot of people that SSH can be used to create tunnels to defeat simple port-based filtering devices and although I knew about it, I’d never actually tried it till I did: What do we want to do? So let’s imagine we want  HostA  to connect to HostB on port 80 which typically is used for http. (The […]