Foo over SSH
Using SSH as a transport for your protocol
A comparison of the different solutions for using SSH2 as a secured transport for protocols/services/applications.

OpenSSH ProxyUseFdPass
While looking at the OpenSSH ssh_config manpage, I found the ProxyUseFdpass configuration I did not know about. It's apparently not widely known or used.

Intel AMT discovery
There have been some articles lately about Intel AMT and its impact on security, trust, privacy and free software. AMT is supposed to be widely deployed in the newest Intel hardware. So I wanted to see if I could find some AMT devices in the wild.

IP over UDP tunnel with socat
A simple way to create IP over UDP tunnels using socat.

DNS aggregation over TLS
In a previous post, I tried different solutions for tunnelling DNS over TLS. One of those solutions was using a dedicated DNS-over-UDP fake service replying to all queries with the truncate flag set: this was causing the stub resolvers to retry the query using a TCP-based virtual-circuit. This solution is interesting because it is dead simple (it fits in a few lines of code) but it is clearly a hack. Here, I'm using a dedicated DNS forwarder aggregating all the incoming DNS-over-UDP requests over a single persistent TCP virtual-circuit.

The broadband protocol stacks
The Broadband Forum has a lot of technical reports about the xDSL architecture but it's not so easy to find a good description of the global architecture. Those are ASCII-art protocol stacks I inferred from those documents. What's in there may be wrong, feel free to correct me.

Recursive DNS over TLS over TCP 443
You might want to use an open recursive DNS server if your ISP's DNS server is lying. However, if your network/ISP is intercepting all DNS requests, a standard open recursive DNS server won't help. You might have more luck by using an alternative port or by forcing the usage of TCP (use-vc option in recent versions of glibc) but it might not work. Alternatively, you might want to talk to a (trusted) remote recursive DNS server over a secure channel such as TLS: by using DNS over TLS over TCP port 443 (the HTTP/TLS port), you should be able to avoid most filtering between you and the recursive server.