In the following lines, I will walk through the main steps that someone new to the field of security administration needs to follow to excel in this domain. Following the steps gives a great result: you get to know the different aspects of the topic and fully grasp its concept.

  1. Understand what is meant by a tunneling protocol

A tunneling protocol gives a network user access to a network service that the underlying network does not support directly. A user can likewise offer such a service to a network of the same sort. How is this notion used in practice? There are three main benefits of such a protocol, given in the following list:

  • Running a protocol over a network that does not allow it or simply does not support it. This way, IPv6 can run over IPv4, for instance.
  • Giving a remote user access to the network. Though it is not a safe choice, a critical user or employee within a corporation can get an internal IP address for their machine when working from home or when traveling. Whatever the machine’s physical IP address is, the machine will have an address on the company’s network and work as if it were inside the company already.
  • Hiding the nature of the traffic going through a network, which is an unusual use of protocol tunneling. How and why? Encryption can be applied as standard when traffic is repackaged for transfer between two networks. Data captured by a sniffer is then not easily readable because it is encrypted.

Generally speaking, tunneling is a means of sharing data between two different networks. The private network’s data is encapsulated, along with its protocol information, inside the units transmitted by the public network. The public network therefore treats that protocol information as mere pieces of data.

  2. Get to know SSH Tunneling

A Secure Shell (SSH) tunnel is essentially an encrypted channel that carries all the traffic sent through it, whether or not that traffic was encrypted to begin with. It relies on the SSH network protocol: the network protocol of a private network is encapsulated inside another protocol, SSH, so all the communication between the two ends becomes encrypted.

To illustrate, transferring files between Windows machines over a remote connection uses the Server Message Block (SMB) protocol. This protocol does not offer an encrypted means of transferring the data, so data transferred this way is prone to being attacked and exploited by a capable attacker.

A Windows file system, which generates SMB traffic, can accordingly be mounted securely by using an SSH tunnel as an encrypted channel between the client and the file server.

Establishing a local SSH tunnel mainly requires configuring an SSH client on a machine so that a local port is forwarded to a port on a remote machine. Once the tunnel is established, the user connects to the specified local port to access the network service. It is important to note that the two ports can be different, as desired.

One good thing about SSH tunnels is that firewalls can be bypassed simply by making use of them. To elaborate on this point, consider a device connected to a network that does not allow any access to the internet. This basically means that port 80 is closed for any connection made through it. One way around this restriction is to forward a local port on the machine to port 80 on another computer outside the network, where the internet is accessible.

One obstacle can remain, however, despite using SSH tunneling: whether the site allows users to establish outgoing connections or not. If it does, the method will work perfectly, and the organization’s proxy filter will not even notice the bypass and so will not be able to block internet access on the machine.

One more benefit of such bypassing is that the organization cannot see the traffic going between this machine and the internet, because the machine is supposed to have no internet connection at all. A remote web server can be accessed by pointing the browser on the original machine to the local port at http://localhost/.
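The local forward described above, and the firewall bypass built on it, both depend on an SSH server that agrees to forward. As an added example (not from the original article), this script audits the settings that control forwarding on an SSH server the organization itself operates, reading text in the format printed by `sshd -T`; both sample configurations are constructed and `fileserver.example.internal` is a hypothetical host name.

```shell
#!/bin/sh
# Added example: flag sshd settings that permit tunneling.
# Input format: lines as printed by `sshd -T` (keyword, space, value).

# Constructed sample: forwarding left wide open.
SAMPLE_WEAK='allowtcpforwarding yes
gatewayports yes
permittunnel no
permitopen any'

# Constructed sample: only local forwards, only to one SMB file server
# (fileserver.example.internal is a hypothetical host name).
SAMPLE_HARDENED='allowtcpforwarding local
gatewayports no
permittunnel no
permitopen fileserver.example.internal:445'

audit_sshd_forwarding() {
    awk '
        NF >= 2 { cfg[tolower($1)] = tolower($2) }
        END {
            # Absent keywords fall back to the sshd defaults.
            fwd = ("allowtcpforwarding" in cfg) ? cfg["allowtcpforwarding"] : "yes"
            dst = ("permitopen" in cfg) ? cfg["permitopen"] : "any"
            gw  = ("gatewayports" in cfg) ? cfg["gatewayports"] : "no"
            tun = ("permittunnel" in cfg) ? cfg["permittunnel"] : "no"
            if (fwd == "yes" || fwd == "all")
                print "allowtcpforwarding=" fwd ": local and remote forwards are both allowed"
            if (fwd != "no" && fwd != "remote" && dst == "any")
                print "permitopen=any: a forward may target any host:port the server can reach"
            if (gw != "no")
                print "gatewayports=" gw ": forwarded listeners may bind non-loopback addresses"
            if (tun != "no")
                print "permittunnel=" tun ": tun device tunnels are allowed"
        }
    '
}

# Number of findings for the configuration read on stdin.
count_findings() { audit_sshd_forwarding | wc -l | tr -d ' '; }

echo "weak sample:"; printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_forwarding
echo "hardened sample: $(printf '%s\n' "$SAMPLE_HARDENED" | count_findings) findings"
# On a real server (as root): sshd -T | audit_sshd_forwarding
```

The hardened sample still supports the SMB-over-SSH case from earlier, because `permitopen` limits local forwards to port 445 on the one file server.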

  3. Identify the types of SSH tunneling

There are three main categories of SSH tunneling. Each could be used in a different situation and network. They are given by the following list:

  4. Know what OpenSSH is

To make the software free and available for use at no cost, the older 1.2.12 release of the original SSH program, made when it was still open source software, served as the starting point. In 1999, Björn Grönvall’s OSSH was released, built on the codebase of that version.

OpenBSD developers then worked on developing and improving Grönvall’s code. The result was the successful OpenSSH, which shipped with the 2.6 release of OpenBSD. OpenSSH was then ported to other operating systems through what is referred to as a portability branch.

OpenSSH supported plenty of operating systems, to the extent that back in 2005 it was the only SSH implementation running on several platforms. OSSH, on the other hand, faded away at the same time as OpenSSH became much more popular.
