Sign in to follow this  
Followers 0

Sec Implications of an SSH Tunnel

3 posts in this topic

I'm using an SSH tunnel / SOCKS tunnel to proxy my traffic to a VPS somewhere in the world.


I'm establishing the connection using the following.

ssh -D <port> <hostname>


Then I point Firefox to localhost on the declared port number and away I go.


From here, I'm under the assumption that my traffic is safe once it enters the tunnel and leaves my computer off into the internet on its way to the proxy server.


I guess my questions are:


1. What are the security implications here? Anything I should be aware of?

2. Anything I shouldn't do while routing traffic to the proxy?

3. What about DNS leaks?


Share this post

Link to post
Share on other sites

1) Make sure your SSH key is not compromised

2) Anything illegal that makes you worthy of NSA / FBI / CIA computing resources. At one time the U.S. Federal Government  kept Cray Research in business by building GIANT clusters and grids of super computers. I'd be willing to bet these agencies could crack your SSH key in hours (if not immediately through a backdoor).



DNS could depend on the operating system, the easiest way is to use Wireshark to see if the kernel of the O/S is performing DNS resolution with default DNS servers. Someone else may want to chime in for Linux or OS X, but for Windows by design apps will look in:

1 - DNS Cache

2 - hosts file

3 - use the Windows DNS Service (which contacts the default DNS server)

4 - send out a LAN based NetBios broadcast looking for a local or domain host



You could use DNS in some far off land. For example, I doubt say.... Jamaica has DNS servers that compile and log your DNS requests like say.... Google Public DNS,





Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0