On Wed, Mar 26, 2025 at 10:03:36AM CET, to...@tuxteam.de said:
> On Wed, Mar 26, 2025 at 09:41:55AM +0100, Nicolas George wrote:
> > to...@tuxteam.de (HE12025-03-26):
> > > I was once sitting at a $(DAYJOB) where they blocked everything but
> > > 443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
> > > didn't look suspect, in case their firewall sniffed that). Bonus: I
> > > got to see whether they did MITM, since I made my own server and
> > > client certs.
> >
> > If behind a BOFH firewall, ssh is usually a lot easier to tunnel to
> > sneak through than a VPN.
>
> My bet was that 443 is always open because otherwise mid- and hi-level
> mgmt would be on top of the poor admins because they couldn't
> go to their share trading casinos: I won :)

Admins would also have problems getting security updates (and not accessing *overflow)

--
Erwan David