I've been using SSH with PuTTY from college for the last week now, and everything's going smoothly. I haven't had anyone come up and ask me what I'm doing, which I kind of expected. Part of the network agreement is to not attempt to bypass firewall restrictions, which this sorta does. Anyway, I have SSH running on port 443, which is the default port for HTTPS. My question is: can the administrators see that I'm connected to an SSH server by looking at my traffic? Or does the fact that I'm using port 443 stop them from telling the difference between normal HTTPS traffic?
Comments
If they never have any reason to suspect you, I'd say you're safe. Obviously your encryption is going to foil any pathetic basic filters they may use on their network; however, if they are remotely competent and have reason to suspect you, then you would be busted unless you have taken extra measures to protect yourself. I'm assuming you have a pretty standard SSH server on port 445, whatever your IP or domain is. Try telnet onesan.su 22. Protip: don't do that more than 10 times or so or you will probably get noticed by denyhosts and then automatically added to my publicly available shitlist.
in fact here
[Onesan@udongein ~]$ telnet onesan.su 22
Trying 121.72.236.215 ...
Connected to onesan.su (121.72.236.215).
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2
Connection closed by foreign host.
Since you're running it on port 445 and it would reasonably resemble ordinary encrypted nonsense, I'd say at least till you give them a reason to suspect something you're pretty safe. Someone even slightly competent who monitored your traffic and noticed long connections to that domain/IP port combo and either telnetted into it and grabbed its welcome message or fired up nmap against it would know what you're doing very quickly, well, not exactly WHAT you are actually doing, but you get my point.
Of course you would need to draw attention to yourself or piss off the wrong netadmin to make someone go and monitor all your traffic for an extended period to do that, well, either that or they have some homebrewed abomination of a "security system" that essentially automatically portscans after the fact any port that someone on the network attempts to connect to and grabs the (if any) welcome message it replies with and checks against a blacklist of suspicious strings and then (presumably) shoots an email off to someone if it gets a hit.
In reality yes no maybe, depends on how tight your tinfoil hat is feeling at the moment I guess XD
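The banner check described in the comment above, seen from the network administrator's side, as an added example that is not part of the thread: it labels the first bytes a server sends on a connection as an SSH identification string or a TLS record and reports flows where that differs from what the port implies. The `EXPECTED` policy map, the function names and the sample flows are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification line: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: .*)?$")
EXPECTED = {22: "ssh", 443: "tls"}  # assumed site policy: port -> expected protocol

def classify_first_bytes(payload: bytes) -> dict:
    """Label the first bytes a server sends on a new TCP connection."""
    # An SSH server may send free-text lines before its identification line.
    for line in payload.split(b"\n")[:20]:
        m = SSH_ID.match(line.rstrip(b"\r"))
        if m:
            return {"proto": "ssh", "version": m.group(1).decode(),
                    "software": m.group(2).decode()}
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04,
    # then a 2-byte big-endian record length.
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        if 0 < int.from_bytes(payload[3:5], "big") <= 2**14 + 2048:
            return {"proto": "tls"}
    return {"proto": "unknown"}

def port_protocol_mismatches(flows):
    """Return flows whose observed protocol differs from the port's expected one."""
    hits = []
    for dst, port, first_bytes in flows:
        seen = classify_first_bytes(first_bytes)
        want = EXPECTED.get(port)
        if want and seen["proto"] != want:
            hits.append({"dst": dst, "port": port, "expected": want, **seen})
    return hits

# Constructed sample flows (documentation addresses); the SSH banner is the one
# shown in the telnet session above.
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56\x03\x03"),
    ("192.0.2.20", 443, b"SSH-2.0-OpenSSH_5.2\r\n"),
    ("192.0.2.30", 443, b"Authorized use only\r\nSSH-2.0-OpenSSH_5.2\r\n"),
    ("192.0.2.40", 22, b"SSH-2.0-OpenSSH_5.2\r\n"),
]

if __name__ == "__main__":
    for hit in port_protocol_mismatches(SAMPLE_FLOWS):
        print(hit)
```

The SSH identification line is sent in cleartext before key exchange, which is why the port number alone does not hide the protocol from this kind of check.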
I used to pwn everyone by acting like I know something about the systems. This put me on the Network Admin watch list and also gave me access to their systems because they tend to leave me in charge when they go out.
Again, I don't think you will get caught unless they implement some stupid filters and everyone around you starts using the same method to bypass the firewall. They will see a spike in traffic usage and then will come down hard core on it.
Turn your box on!
Nope, I haven't asked because it goes against certain parts of our network agreement and they wouldn't agree to it anyway. Hell, they don't even let you connect your laptop to the WiFi because they're worried that something will go wrong.
And RemadE - it's up and running, will leave it on all day :thumbsup:
Interesting. I use the SSH server so I can tunnel into my home machine and use the internet connection.
Just out of curiosity, how do you have your server set up?
~PsyCl0ne
What else would you like to know?