IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [tunneling]

tunneling refers to a mechanism in which one network protocol encapsulates a different payload protocol.

120 questions
8
votes
1 answer

How can I tell if a PPTP tunnel is secure?

PPTP has been demonstrated to be broken in many ways, and most installations are insecure. But it is also theoretically not broken if configured correctly. As an end-user, is there a simple way for me to tell if a PPTP tunnel offered to me (for…
tylerl
  • 82,225
  • 25
  • 148
  • 226
8
votes
3 answers

How to create ssh tunnel using netcat?

I want to create reverse connection between two machines, but these is a firewall in the middle preventing all connections, except ssh. I want to create ssh tunnel using netcat, could you please tell me how to it?
user1028
  • 437
  • 4
  • 8
  • 14
8
votes
5 answers

Creating tunnel with most ports closed?

How can I create a proxy tunnel from a network that has all ports but port 80 closed? I guess I'd have to bind SSH on my server to port 80, but would that introduce problems to my home network since routers interface is on port 80? Would TOR be a…
tkit
  • 3,272
  • 5
  • 28
  • 36
7
votes
1 answer

How to deal with tunnel applications such as TeamViewer on the corporate network

Our IT department uses TeamViewer to provide support to users at remote locations. More recently we've noticed that users are using TeamViewer to get support for their lab equipment from vendors. Though I support the idea, it does bug me a little…
SilverViper
  • 171
  • 3
6
votes
3 answers

Why is tunneling so important in pen testing?

I am curious why tunneling is so important in pen testing. If one has control of one machine in a network, then using that machine, one can run nmap and web apps and try to find out vulnerabilities.. So why would there be any need to use tunneling?
Mark Dioes
  • 69
  • 1
  • 2
6
votes
1 answer

Pivoting with Metasploit

I am trying to exploit a Windows VM on a different subnet behind a dual home Linux VM where I already have a shell. To keep it simple, I have a meterpreter reverse_tcp shell on the Linux VM (192.168.47.144) and the Windows VM (192.168.128.133) is…
B-MO
  • 313
  • 2
  • 6
6
votes
1 answer

DNS Tunneling - Mitigation

I believe the root cause for DNS tunneling is because the internal hosts are allowed to do recursive queries of external domains. For DNS tunneling to work, an internal host should be able to send queries to attacker controlled domain…
bAd bOy
  • 61
  • 3
5
votes
1 answer

How should I tunnel arbitrary protocol traffic over HTTPS?

I'm posting this question from a moving train! (Ok, maybe that's not so impressive.) This train has an annoying WiFi - it's low-throughput, high-latency, tends to lose packets, and blocks most kinds of traffic (by port and by protocol most…
einpoklum
  • 429
  • 3
  • 12
5
votes
3 answers

Should traffic between two hosts in the same data center be encrypted?

We have two hosts, theoretically in the same data center. The two machines are hosted at Online.net. We're having a bit of a debate: should the traffic between the two hosts be encrypted. The traffic we need to exchange are Redis queries. The data…
François Beausoleil
  • 153
  • 5
5
votes
1 answer

L2TP/IPSec: Mutual authentication BEFORE user can access VPN

I came across a question You are the network administrator for your company. You have deployed Windows Server 2008 on all server computers in your company. You have deployed the Network Policy and Access Service role on a Windows Server 2008 R2…
Glowie
  • 249
  • 1
  • 8
5
votes
2 answers

If two endpoints establish a mutual authenticated connection (TLSv1.0) is the medium between the endpoints a concern?

What are the vulnerable areas when two endpoint connect via TLS? Does the physical layer or data link layer a factor of security concern between the two endpoints? Does it matter in terms of security, that some portion of the link between the two is…
Drew Lex
  • 2,013
  • 2
  • 19
  • 24
5
votes
1 answer

SSH reverse tunnels: can the intermediate server eavesdrop on an SSH session?

Suppose there are three computers: (1) my laptop, (2) a server that has a public static IP address, and (3) a Raspberry Pi behind a NAT. I connect from (1) to (3) via (2) as explained below. On the server (2), I add GatewayPorts yes to…
Flux
  • 593
  • 4
  • 10
4
votes
1 answer

ISP and ssh tunneling

I have a question about ssh tunneling. Is it possible for the ISP to realize the destination server which I want to connect it via ssh tunneling? I mean the destination website which I want to visit it.
user34475
  • 41
  • 2
4
votes
1 answer

Trying to tunnel a reverse shell out of an internal network

I am practicing performing a pentest and getting stuck trying to get an interactive reverse shell from an internal machine to my attacker machine. This is what I have done so far: Me(attacker): 67.67.67.67 (some public ip) Web app (victim):…
user0809452345
  • 93
  • 6
4
votes
1 answer

Is it sensible to tunnel TLS traffic over another TLS?

I'd like to secure my application's traffic using TLS with pre-distributed self-signed certificates (as a drop-in replacement of plain TCP). In some cases, two clients won't be able to talk to each other directly because of presence of NAT and will…
aitap
  • 143
  • 5
1
2
3 4 5 6 7 8