Security Basics mailing list archives
FW: Tunelling RDP traffic over HTTP proxies.
From: "Jeroen van Meeuwen" <kanarip () pczone-clan nl>
Date: Thu, 24 Nov 2005 22:32:31 +0100
This issue was resolved in private. Thanks for all your replies. Kind regards, Jeroen van Meeuwen -- kanarip
-----Original Message----- From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk] Sent: Thursday, November 24, 2005 18:22 To: Jeroen van Meeuwen Subject: RE: Tunelling RDP traffic over HTTP proxies. Ah, Disco! I am using localhost as the destination now and it works! Thanks Jeroen! Steve -----Original Message----- From: Jeroen van Meeuwen [mailto:kanarip () pczone-clan nl] Sent: 24 November 2005 17:02 To: Steve McLaughlin Subject: RE: Tunelling RDP traffic over HTTP proxies. Steve, you could verify the tunnel by doing a netstat -an at both ends. This could be a firewall issue, that is, on one of both ends of the tunnel. Kind regards, Jeroen van Meeuwen -- kanarip-----Original Message----- From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk] Sent: Thursday, November 24, 2005 17:53 To: Jeroen van Meeuwen Subject: RE: Tunelling RDP traffic over HTTP proxies. Connection refused occurs when I try to use VNC viewer normally for example. This is after I have connected to a bash shell with the Tunnelsettingsin PuTTY Any suggestions? Steve -----Original Message----- From: Jeroen van Meeuwen [mailto:kanarip () pczone-clan nl] Sent: 24 November 2005 12:55 To: Steve McLaughlin Cc: security-basics () securityfocus com; pen-test () securityfocus com Subject: RE: Tunelling RDP traffic over HTTP proxies. Hi Steve, If port 443 is open, this enables you to tunnel any protocol. I'm confused with you saying you need to authenticate with the proxy server first. That would mean only port 80 and 443 outbound _from the proxy_ is allowed through the firewall. If that proxy only supports Kerberos authentication, I don't know what shell client you could use. Anyway, here's the setup I currently use: I have an outside Linux box with SSHd on port 443, to which I log in using PuTTY, via an ISA 2004proxy,with Basic proxy authentication. Tunneling is an option in PuTTY, so that's what I use to tunnel my IMAP, RDP, VNC and SMTP. To get it working in your case, I'ld first verify if it's only theproxythat is allowed through the firewall, and whether you are able to let PuTTY authenticate to the proxy. Kind regards, Jeroen van Meeuwen -- kanarip-----Original Message----- From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk] Sent: Thursday, November 24, 2005 12:27 To: Jeroen van Meeuwen Subject: RE: Tunelling RDP traffic over HTTP proxies. I want to RDP or VNC into my box back home, and we only have port 80and443 open on the Firewall outbound and traffic first has toauthenticatethrough an ISA proxy with Kerberos authentication. Steve -----Original Message----- From: Jeroen van Meeuwen [mailto:kanarip () pczone-clan nl] Sent: 23 November 2005 19:55 To: Steve McLaughlin; 'Richard Zaluski'; 'Jason T. Hallahan'; security-basics () securityfocus com; pen-test () securityfocus com Subject: RE: Tunelling RDP traffic over HTTP proxies. Hi Steve, Is it just a HTTP proxy (which possibly has a web proxy filter, likeforexample ISA Server 2004, or a Squid / ASA implementation), or is it capable of HTTPS as well? Does it support Basic authentication or is it Windows Integrated(NTLM,Kerberos, Negotiate)? Kind regards, Jeroen van Meeuwen -- kanarip-----Original Message----- From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk] Sent: Wednesday, November 23, 2005 17:45 To: Richard Zaluski; Jason T. Hallahan;security-basics () securityfocus com; pen-test () securityfocus com Subject: Tunelling RDP traffic over HTTP proxies. Hi list, Does anyone know of any solutions for tunnelling RDP trafficthroughanHTTP proxy? Thanks in Advance, Steve Visit us at http://www.aggreko.com Confidentiality Notice: This communication and any accompanyingattachmentscontain confidential information intended for a specificindividualand purpose.This communication is private and protected by law. If you arenotthe intendedrecipient, you are hereby respectfully notified that anydisclosures,copying,forwarding or distribution, or the taking of any action based onthecontents ofthis communication is strictly prohibited._____________________________________________________________________ This email has been scanned by the MessageLabs Email SecuritySystem.For more information please visit http://www.messagelabs.com/email____________________________________________________________________________________________________________________________________________ This email has been scanned by the MessageLabs Email SecuritySystem.______________________________________________________________________ Visit us at http://www.aggreko.com Confidentiality Notice: This communication and any accompanyingattachmentscontain confidential information intended for a specific individualand purpose.This communication is private and protected by law. If you are notthe intendedrecipient, you are hereby respectfully notified that anydisclosures,copying,forwarding or distribution, or the taking of any action based on thecontents ofthis communication is strictly prohibited._____________________________________________________________________ This email has been scanned by the MessageLabs Email SecuritySystem.For more information please visit http://www.messagelabs.com/email____________________________________________________________________________________________________________________________________________ This email has been scanned by the MessageLabs Email Security System.______________________________________________________________________ Visit us at http://www.aggreko.com Confidentiality Notice: This communication and any accompanyingattachmentscontain confidential information intended for a specific individualand purpose.This communication is private and protected by law. If you are notthe intendedrecipient, you are hereby respectfully notified that any disclosures,copying,forwarding or distribution, or the taking of any action based on thecontents ofthis communication is strictly prohibited._____________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email_________________________________________________________________________________________________________________________________________ ___ This email has been scanned by the MessageLabs Email Security System. ___________________________________________________________________ ___ Visit us at http://www.aggreko.com Confidentiality Notice: This communication and any accompanying
attachments
contain confidential information intended for a specific individual and
purpose.
This communication is private and protected by law. If you are not the
intended
recipient, you are hereby respectfully notified that any disclosures,
copying,
forwarding or distribution, or the taking of any action based on the
contents of
this communication is strictly prohibited. ___________________________________________________________________ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ___________________________________________________________________ ___
Current thread:
- Tunelling RDP traffic over HTTP proxies. Steve McLaughlin (Nov 23)
- RE: Tunelling RDP traffic over HTTP proxies. Jeroen van Meeuwen (Nov 24)
- Re: Tunelling RDP traffic over HTTP proxies. Alloishus BeauMains (Nov 24)
- Re: Tunelling RDP traffic over HTTP proxies. Philip Barnham (Nov 24)
- Re: Tunelling RDP traffic over HTTP proxies. Morgan Reed (Nov 24)
- <Possible follow-ups>
- RE: Tunelling RDP traffic over HTTP proxies. Jeroen van Meeuwen (Nov 24)
- Re: Tunelling RDP traffic over HTTP proxies. lucab2005 (Nov 24)
- FW: Tunelling RDP traffic over HTTP proxies. Jeroen van Meeuwen (Nov 25)
- RE: Tunelling RDP traffic over HTTP proxies. Steve McLaughlin (Nov 25)