Monday, November 28, 2011
Saturday, November 26, 2011
Fun with SOCKS, IPv6 and SSH
This is fun stuff with both IPv6 and SOCKS. And ... the IPv6 is a side effect of the SOCKS ... ;-)
EDIT: here is a command to check the SOCKS SSH tunnel:
$ sudo netstat -apon | grep -i ssh | grep tcp
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 8511/ssh off (0.00/0/0)
tcp 0 0 192.168.1.53:44824 174.41.66.20:22 ESTABLISHED 8511/ssh keepalive (5957.97/0/0)
tcp6 0 0 ::1:1080 :::* LISTEN 8511/ssh off (0.00/0/0)
$
First some info on SOCKS: I thought SOCKS was just some old-skool proxy protocol on corporate networks. But I learned you can also use SOCKS (in ssh) to prevent spying by ISPs, governments and other third paries. Here's how:
You need an external SSH-server (which hopefully does IPv6). There are service providers that offer SSH-server functionality for 15 US$ per year(!). I got my VPS with SSH server from Hexxeh (http://vps.hexxeh.net/) for 5 US$ per month. A bit more expensive, but I wanted a VPS anyway and Hexxeh provides IPv6 (on request).
Now set up a super simple SOCKS proxy server on your Linux system (in my case Ubuntu):
ssh -D 1080 myaccount@theremotesshserver.blabla.com
You then need to fill out your password. If your logon is succesful, the local SOCKS proxy is running on port 1080, with its start point on your Linux machine, and its endpoint on the SSH server. So a loooong SOCKS proxy. ;-)
(Attention: stay logged on. As soon as you logout from the SSH session, the SOCKS proxy is gone.)
Now you can point your SOCKS enabled client to localhost and port 1080. I've done this for the webbrowser Chrome (see screendump), and I could browse the web. And suddenly my location had changed to the UK according to http://whatismyipaddress.com/ . And as Hexxeh provides IPv6 (on request), my IPv6 was working according to http://test-ipv6.com/ "Your IPv6 address on the public Internet appears to be 2001:41d0:2:bb58:...".
As my web traffic now goes through an SSH session, I'm quite sure it's encrypted, and it cannot be eavesdropped by my ISP.
Strangely enough, http://www.bbc.co.uk/iplayer/tv thinks I'm NOT in the UK. Maybe the BBC does blacklist IP addresses from (VPS) hosters ... :-(
EDIT: here is a command to check the SOCKS SSH tunnel:
$ sudo netstat -apon | grep -i ssh | grep tcp
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 8511/ssh off (0.00/0/0)
tcp 0 0 192.168.1.53:44824 174.41.66.20:22 ESTABLISHED 8511/ssh keepalive (5957.97/0/0)
tcp6 0 0 ::1:1080 :::* LISTEN 8511/ssh off (0.00/0/0)
$
HTH
Wednesday, November 16, 2011
IPv6 Fun: "defa:ced"
Funny: Fun with IPv6 addresses ... see http://codingrelic.geekhold.com/2011/04/ipv6-addresses-for-fun-and-profit.html
There are much more options than just dead:beef:f00d !
a110:c8ed | I allocated an address, just for you. |
defa:ced | I hate my web designer. |
bad:fac:ade | Our CSS needs work. |
bad:deed | Thank you for visiting my site. Really. |
be:fa11 | As in "what has befallen yon dead server?" |
abba:ca:daba | Our network is powered by pure magic. |
d00:bee | Network debugging probably qualifies as "medicinal purposes." |
b0:cce:ba11 | You know, I only discovered Bocce Ball in my 30s. |
5ca1:ab1e | Ignore what you see elsewhere, the secret to scalability is in using clever IP addresses. |
ca:b0b | yummy |
fa1:afe1 | even more yummy! |
b1ab:bed | We might need to tighten up our HTML a bit. |
bab:b1e | We might need to recompress our images a bit. |
ba:b00 | My sweet baboo! |
10ad:ed | I bet it has an itchy trigger finger, too. |
ba:11ad | The entire site is set in iambic pentameter. |
a:100f | My site doesn't like me. |
acc0:1ade | Network admins rarely, if ever, hear praise of their work. |
aff:ab1e | An address for a social networking site if ever I heard one. |
ba:ff1e | Don't blame me for the contents of this site. The web team reports to a whole different department from the network admins. |
ba1:b0a | Its the Eye of the Tiger, baby! |
ed1:f1ce | Look upon my network, ye Mighty, and despair. |
5caf:f01d | This load balancing tier was intended to be temporary. That was four years ago. Such is the way of things. |
Subscribe to:
Posts (Atom)