Sunday, December 17, 2006

Tricks with SSH

Do you want to ssh to your NATed box at home? Want to connect in to your machine at work that drops SYN packets at the perimeter? Tired of having to live without tab-completion and other handy features when an exploit sends a shell back to netcat? SSH to the rescue.

First, from the firewalled machine (call it BoxA) run:
ssh -nNT -R 2222:localhost:22 BoxB &
then on BoxB run:
ssh user@localhost -p2222

So what exactly does this do? Let's take a look at the relevant sections from ``man ssh'':

-n Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background.

-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).

-T Disable pseudo-tty allocation.

-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.
By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address.

``-nNT'' means we aren't going to give ssh any input, so don't execute a shell and don't allocate a tty. -R is a little trickier; it says start forwarding port 2222 of the remote machine (BoxB) to port 22 of the machine you're running ssh from (BoxA). Now when you run ssh localhost -p2222, you're connecting to the port forward that you just set up which sends your connection through an encrypted tunnel to BoxA, bypassing the firewall rules because the tunnel is already connected.


  • You're connecting to localhost from BoxB but the traffic is actually going to BoxA. This will confuse ssh who thinks that localhost should have the same fingerprint each time. To get around this, you'll likely have to delete the line beginning with ``localhost'' in your ~/.ssh/known_hosts.

  • If you're using an exploit you'll have to know the account's password (or steal an ssh key)

  • Don't complain to me if your sysadmin gets mad and blocks outbound ssh. =)
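As an added example (these are not the original post's commands): the same reverse tunnel written out with the client options a practitioner would add, plus a check for the known_hosts clash from the first caveat. It assumes the post's names (BoxA, BoxB, port 2222, account user); HostKeyAlias, ExitOnForwardFailure and ServerAliveInterval are OpenSSH client options that the post does not mention.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the post's names: BoxA is
# the firewalled host, BoxB the reachable one, tunnel port 2222, account "user".

TUNNEL_PORT=2222

# Command for BoxA (append & to background it, as the post does).
# ExitOnForwardFailure makes ssh exit if BoxB cannot bind the port instead of
# silently staying up with no forward; ServerAliveInterval lets a dead tunnel
# be noticed rather than hanging forever.
reverse_tunnel_cmd() {
    printf 'ssh -nNT -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -R %s:localhost:22 user@BoxB\n' "$TUNNEL_PORT"
}

# Command for BoxB. HostKeyAlias makes ssh look up and store the host key under
# "BoxA" instead of "localhost", so the known_hosts clash the post describes
# never arises and host-key verification stays intact.
connect_cmd() {
    printf 'ssh -o HostKeyAlias=BoxA -p %s user@localhost\n' "$TUNNEL_PORT"
}

# Print known_hosts lines that would clash with a tunnel on TUNNEL_PORT: a plain
# "localhost" entry or the "[localhost]:port" form OpenSSH uses for non-default
# ports. Hashed entries (HashKnownHosts yes) are invisible to grep; use
# ssh-keygen -F '[localhost]:2222' for those.
known_hosts_conflicts() {
    grep -En "^(localhost|\[localhost\]:${TUNNEL_PORT})[ ,]" "$1"
}

# Constructed sample known_hosts with fake key blobs, for demonstration only.
sample_known_hosts() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
localhost ssh-rsa AAAAB3NzaC1yc2EFAKEKEY1==
[localhost]:2222 ssh-rsa AAAAB3NzaC1yc2EFAKEKEY2==
[localhost]:3333 ssh-rsa AAAAB3NzaC1yc2EFAKEKEY3==
BoxB,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EFAKEKEY4==
EOF
    printf '%s\n' "$f"
}

reverse_tunnel_cmd
connect_cmd
kh=$(sample_known_hosts)
known_hosts_conflicts "$kh"   # sample lines 1 and 2 clash; 3 and 4 do not
rm -f "$kh"
```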

I love open source. They've really thought of everything.

Tuesday, November 21, 2006

Securosis and Daringflamebait

I'm constantly updating my daily blog list and today I stumbled on He's got decent advice for the less technically savvy (which happens to mirror a lot of what I've been telling the uninitiated for a while now). He also explained to John Gruber that the so-called challenge he proposed to Ellch and Maynor was asinine in a far more even tone than I might have.

Plus this great quote:
Give honest answers to honest questions, and when someone asks for the ROI of a firewall ask them for the ROI on their desk.

Wednesday, November 08, 2006

Keyboard Dancing

Keyloggers are cool. Hardware keyloggers are cooler because they are undetectable to the operating system. A mark against hardware gizmos is that for them to be useful, one must install the gizmo and then retrieve it. Until now. Now it doesn't have to be retrieved. Now all one has to do is drop the gizmo and watch for traffic on the internet. Or own a keyboard manufacturing company.

Sunday, October 15, 2006

Vikings are not magical

I've been resisting the new Lego sets for a while now because of their futuristic depictions of supposedly historical eras. For example, the Knights' Kingdom II and Vikings series both have giant spring-loaded projectile weapons. Well today I broke down and bought a vikings set. I'm still uncertain about the ridiculous giant catapult powered by a lone viking. Launching boulders at least three times as big as himself doesn't seem within the realm of possibility for an 8th-11th century warrior, even if he is a badass. On the other hand, the armor, weapons, and non-specialty bricks are awesome.

On a completely unrelated note, Willyk set me up with a new gallery account today. Check it out if you're interested.

Update 2006-11-05: the gallery url has changed and now works. =)

Sunday, September 03, 2006

Siren's call

In the last few weeks, we've rented a number of movies. So I will succumb to the Internet's siren-like call to publish my opinion so that all who care to read it might find something with which they disagree. In alphabetical order:

  • Blood Rayne - Vampires. We gave it the MST3K treatment and got our two bucks worth.

  • The Ice Harvest - My executive summary: "John Cusack and Billybob Thornton steal some money. People die. There are breasts." Might be a decent movie iff you like film noir.

  • Kiss Kiss Bang Bang - A good detective film with assorted twists. I was on the edge of my seat for much of this movie and laughing the rest of the time (Val Kilmer's character is called "Gay Perry"). Great movie with a solid cast, entertaining plot and funny dialogue. Highly recommended.

  • RV - This was billed as a slightly ridiculous comedy and it definitely lives up to that description. But it's not retarded like, say, anything Will Ferrell has ever done.

  • Unleashed - From the cover and the back-of-the-case description, this is your standard martial arts movie. Do not let that fool you; in addition to his incredible physical abilities, Jet Li is quite an actor and Unleashed is a phenomenal movie.

Wednesday, August 09, 2006

Defcon 0x0E

Defcon was a blast. I met a bunch of cool people and got to hang out with some old friends. fednaught, a Capture the Flag team, got second place despite my help.

My favorite talks were Hacking Malware: Offence is the New Defence by Danny Quist and Valsmith and Exploit Writing Using Injectable Virtual Machines by Wes Brown and another fellow from the same organization. The latter because James and I were discussing what we would need in order to be prepared for next year's CtF only moments before going into this presentation and hearing that it had already been written.

Monday, July 24, 2006

Highly Scientific Random Internet Tests

Apparently I'm in the 93rd percentile for nerdiness based on this Highly Scientific Random Internet Test. This is a dubious honor but one that I felt was worth sharing.

Friday, July 07, 2006

Hello, I must be going

We've been in Idaho Falls for about three weeks now. My job is interesting and I'm enjoying my work. I haven't learned all the ropes yet; I just figured out how to fill in time cards yesterday. We're just about settled into our new house but there are still a bunch of boxes that haven't been unpacked. And now I'm going on travel for two weeks. That's not really a bad thing; it will be fun and interesting and I will probably learn a ton on my first outing. But there are a lot of things I need to do here in Idaho Falls. Mostly paperwork things but important things nonetheless, like finding out where my paycheck goes and making sure it gets deposited before our first month's bills come due.

Tuesday, June 06, 2006

Hurray for IBM

I bought a refurbished Thinkpad T40 in March with a 90-day manufacturer's warranty. After having it for about two months, the USB ports died and the video card started flaking out every time I pressed the machine in the wrong spot. This was about the time when finals were approaching fast and I could not live without my laptop, so I sucked it up and decided I would just pay to get it fixed out of warranty after the end of the semester. This afternoon I found the invoice and called IBM. It turns out that in IBM-land a 90-day warranty that started in March expires in October, so they are going to fix it for free.

Additionally, in the past I have told Dell customer support representatives that the machine I'm calling about does not have Windows installed. Their response has pretty much universally been, "Then it's your problem, not ours." I told the IBM tech support guy the same thing and he said, "We don't care about that."

Hurray for IBM!

Monday, June 05, 2006

Mmm... Socorro...

The closer I get to moving, the more I wish it wasn't so near.

I've been in Socorro for just shy of six years, now. For the first 4, I didn't care at all about the town. But in the last two years, I've made some really great friends and I've come to enjoy many elements of Socorro and New Mexico Tech. I think a lot of it is the college-town aspect of this place. I enjoy walking around campus in the middle of the night for no particular reason and running into a bunch of other caffeinated people doing the same thing. I find it hilarious when I'm talking to a towny and they ask if I "go to the tech". I like writing code at El Camino til 4 in the morning. I like having conversations with random people I've never seen before who laugh at my stupid jokes about big-O notation.

I'll miss you guys. And El Camino's green chile cheese fries.

Sunday, May 07, 2006

New to blogging.

Not really new to blogging... but new to automated blogging. My previous blog management software was vim. Don't get me wrong, vim rocks. But every time I made a post, which happened quite infrequently because it was a pain in the ass, I thought, "Man, I should really write some code to automate this process."

In the fine CS tradition of not reinventing the wheel I decided to use someone else's code instead. As an added bonus, I'm using someone else's server and someone else's bandwidth as well. =)

Repost of my ramblings which spurred me to get a blogger account:

I'm about to graduate a week from today so 'the real world', as it is often called, has been on my mind a lot recently. It really bugs me when I tell people I'm going to graduate and they say something like: "Well I guess you'll soon find out how much the real world sucks. Have to get up earlier and work longer."

I did some math. I'm studying, working at my student job, doing homework or sitting in class for 60-70 hours per week. That 40 hour/week job with no homework everyone complains about so much sounds pretty sweet.

I think the 'real world' that you're talking about does suck. I wouldn't want to do something meaningless every day for eight hours. But a large percentage of my friends and acquaintances who don't have a degree seem to think that college is a breeze and that we just screw around for 4 years (well, 6 for me) until we get a job like theirs that we hate like they do.

So in conclusion, no, college is not like the 'real world'. But in two months' time, I'm going to be working with some of the best hackers in the world securing some of the country's most important assets. I'm not sure if that's the real world, either...