April 28, 2009 at 12:20 am #3738
Question for you all 🙂 I have set up an ssh connection to one of my servers via the command
ssh -D 8080 -f -C -q -N email@example.com I then set my SOCKS manually (in this case in safari settings) to localhost port 8080
I checked to make sure my browser was tunneling by going to (Whatsmyip) and the Ip address that is showing up, is of course my web server address.
Here is my question.
With my connection tunneled I know that my passwords and sites I visit are kept private to anyone “listening” however. Say I do not own the server I am connected to. Can the people who own the server monitor my browsing history/download history/ passwords etc.
April 28, 2009 at 10:01 am #23941AnonymousParticipant
That’s a good question. The encrypted tunnel protects the data being carried across the network from eavesdropping. What it does not do is protect the end points. What does this mean? Basically if you are sending unencrypted traffic is can potentially SSH does not defend against it being sniffed from either end of the tunnel.
The remote server will be decrypting your web traffic and spitting it back out onto the Internet and so information can be gathered on the server about your surfing habits. You don’t need admin privileges for example to run `netstat` on the server to see what connections are being made.
Another thing to consider is other information your computer transmits when you are surfing the web. If you point your web browser to a local SOCKS proxy then the DNS queries you make to resolve web site host names will not be sent out over the secure tunnel. You might not be able to see the content of the sites you are visiting but you will be able to determine the names of the sites.
April 29, 2009 at 4:45 am #23942
I have Firefox set to fix the DNS problem. Whats the safest way to tunnel then? I head encrypting your traffic on a public wifi network would be a good idea. Is there another way to encrypt the traffic? Privoxy maybe?
April 29, 2009 at 10:34 am #23943AnonymousParticipant
It all depends on what you are trying to achieve. If you are seeking privacy from eavesdropping on your network then the SSL tunnel works fine. If you want to anonymise your traffic consider Tor (http://www.torproject.org/). There are lots of other VPN solutions out there that will encrypt your traffic and the best one for the job again depends on what you want to achieve.
April 29, 2009 at 6:34 pm #23944
Thanks for the information Jimbob, gives me some things to research. Thanks again for your replies 🙂
April 29, 2009 at 7:19 pm #23945KetchupParticipant
BTW, this technique (SSH tunnel) is great for bypassing content-filtering proxies.
April 29, 2009 at 11:25 pm #23946
True that, I have websense at work…. and I figured out one of there open proxies. However that is against company policy and I don’t want to get fired… I’m afraid when my boss comes to my desk and see’s me watching youtube video’s he might be wondering how I did that 🙂
- You must be logged in to reply to this topic.