Saturday, August 19, 2006

Secure Surfing at the Coffee Shop

From Kyle Haugsness, SANS Handler's Diary
This tip shows how to use SSH port forwarding to browse the web at your favorite coffee shop (or hacker conference).

1) Set up a machine on your home network. If you don't have a static IP address, then use dynamic DNS.

2) On this machine, set up Squid (http://www.squid-cache.org/) and bind it only to localhost. Do this with the "http_port 127.0.0.1:3128" line in squid.conf. This will prevent others on the Internet from abusing your open proxy.

Alternatively, you can use the built-in SOCKS proxy in SSHD, but with less anonymity. Use the command "ssh -D 3128 " and in your web browser, configure the SOCKS proxy option to be 127.0.0.1 and port 3128.

3) Set up SSHD on this machine. And do yourself a favor: require SSH key authentication and run SSHD on a port that is NOT 22. This will keep all those brute-force SSH grinders from filling your log files.

4) At the coffee shop, do ssh -p -L3128:127.0.0.1:3128 . This will set up your SSH tunnel.

5) The most critical piece is to configure your web browser to use a proxy. Host: 127.0.0.1; port 3128

6) Surf away. All your web surfing will be encrypted to your home box before travelling to the Internet.

You can forward almost any standard TCP application through an SSH tunnel.
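
One way to check the home box against steps 2 and 3 before relying on it, as an added example that is not part of the original tip: two shell functions that read a squid.conf and an sshd_config and report whether Squid listens only on loopback and whether SSHD has password logins off and is not on port 22. The sample file contents and port 2222 are constructed, and the script assumes "PasswordAuthentication no" is how key-only login is enforced.

```shell
#!/bin/sh
# Added example: audit configs for the settings in steps 2 and 3.

# True only if the file has http_port lines and every one binds to loopback.
squid_loopback_only() {
    awk '
        $1 == "http_port" {
            seen = 1
            if ($2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):[0-9]+$/) bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# True only if password logins are off and a Port other than 22 is set.
# sshd takes the first PasswordAuthentication value it reads; Port may repeat.
# Match blocks and ListenAddress host:port are not evaluated here.
sshd_hardened() {
    awk '
        { key = tolower($1) }
        key == "match" { exit }
        key == "port" { ports++; if ($2 + 0 == 22) p22 = 1 }
        key == "passwordauthentication" && pw == "" { pw = tolower($2) }
        END { exit ((pw == "no" && ports > 0 && !p22) ? 0 : 1) }
    ' "$1"
}

# Constructed sample configs (port 2222 is an arbitrary stand-in).
demo=$(mktemp -d)
printf 'http_port 127.0.0.1:3128\n' > "$demo/squid.good"
printf 'http_port 3128\n' > "$demo/squid.open"
printf 'Port 2222\nPasswordAuthentication no\n' > "$demo/sshd.good"
printf '#Port 22\nPasswordAuthentication yes\n' > "$demo/sshd.weak"

for f in squid.good squid.open; do
    if squid_loopback_only "$demo/$f"; then echo "$f: loopback only"
    else echo "$f: listening beyond loopback"; fi
done
for f in sshd.good sshd.weak; do
    if sshd_hardened "$demo/$f"; then echo "$f: password logins off, not port 22"
    else echo "$f: password logins enabled or port 22"; fi
done
```

A commented-out "#Port 22" line counts as unset, which fails the check because SSHD then falls back to its default port of 22.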