From aaron@darklands.org Thu May 23 17:06:39 2002 Received: from mailscan6.cac.washington.edu (mailscan6.cac.washington.edu [140.142.33.14]) by lists.u.washington.edu (8.12.1+UW01.12/8.12.1+UW02.01) with SMTP id g4O06Zw3024924 for ; Thu, 23 May 2002 17:06:35 -0700 Received: FROM mxu3.u.washington.edu BY mailscan6.cac.washington.edu ; Thu May 23 17:06:35 2002 -0700 Received: from despair.darklands.org (despair.darklands.org [216.162.215.186]) by mxu3.u.washington.edu (8.12.1+UW01.12/8.12.1+UW02.01) with SMTP id g4O06Y9n019758 for ; Thu, 23 May 2002 17:06:34 -0700 Received: (qmail 27891 invoked by uid 1000); 24 May 2002 00:06:33 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 24 May 2002 00:06:33 -0000 Date: Thu, 23 May 2002 17:06:33 -0700 (PDT) From: Aaron Racine To: UW Linux Group Subject: Re: Undocumented SSH flag (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Then you should probably include the response to that message as well. Aaron -- Date: Sun, 19 May 2002 23:45:39 -0600 From: myles One thing to watch out for is that *this* socks proxy does all of the resolution on the client side. So if you're using this to anonymize a web connection, it may not do what you think. All of your DNS traffic is going to be being resolved locally where it can be observed. Somewhere out on the internet there's an SSH /socks client that's been hacked not to do this. It's pretty ugly. I'd say you should just start using zeebeedee & or a web proxy instead. On 02.05.23 at 16:47, Richard Lotz wrote: # I figure some of you might find this usefull, especially when connected # via wireless or other shared medium. # # With mozilla this goes in the "socks host" field, not the http proxy # field. # # -richard # # -- # Richard Lotz # GPG Key: http://students.washington.edu/rlotz/key.txt # Fingerprint: 6BD7 C584 7DDC 43FD F0D4 87AB 5A8F 89D5 B3CC 9517 # # # ---------- Forwarded message ---------- # Date: Sat, 18 May 2002 23:54:09 -0700 (PDT) # From: Ken Caruso # Subject: [SeaHack] Undocumented SSH flag # # # Well this might be old news to some, but I was made aware of an # undocumented SSH flag that is pretty usefull. The "-D" flag. It allows you # to use ssh as a socks4 style proxy and have traffic dynamically tunneled. # # For a quick example, lets say you have a machine that you want tunnel your # http traffic to. Use "ssh -D1080 myname@tunnelmachine.com". Then set your # browsers Socks Proxy setting to use localhost:1080 w/socks4. Now you can # surf the web and the traffic is tunneled to "tunnelmachine.com". Since # alot of apps have socks support, this is real handy for using a VPN type # solution to access networks behind a SSH bastion host. # # I am just really happy that I no longer have to run an http proxy because # of the limitations of the -L flag. # # Apparently there might be some issues with MacOSX I dont have an X machine # to test. # # Thanks to Dan Kaminsky for turning me on to this cool feature. # # # Ken Caruso # kenc@seattlewireless.net # http://ken.ipl31.net # # "when in doubt tell the truth" -Mark Twain # # .