6th April 2010
Simon
encrypt my downloads

I want to encrypt my downloads. Can you take a look at what I did?

At work, I can use a public IP address (static) for an OpenBSD box (SDSL).
At home, I have a dynamic IP address.

Code:
 AT WORK--------------------------------ssh_tunnel------------------AT Home
OpenBSD_Box_ssh_Server--------((Internet))-------Apple imac

So I use on my iMac:
Code:
ssh -D 1080 hello.atwork.info

The tunnel is OK. Afterwards I add a SOCKS proxy: 127.0.0.1 port 1080

On the OpenBSD box (only 1 NIC), sshd is running. My pf.conf:
Code:
set skip on lo
set block-policy drop
nat on egress from rl0:network -> egress
block in log on egress
pass in log inet proto tcp from any to any port 22
pass out

When I use Safari on the iMac and go to http://whatismyip.org, I can see the IP address of hello.atwork.info, so it works. I launched a download on the iMac and ran "tcpdump -i rl0" on the OpenBSD box while my iMac was downloading:

Code:
00:52:02.269468 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 241921:243361(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590288> (DF) [tos 0x10]
00:52:02.476293 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 240481 win 65520 <nop,nop,timestamp 858590290 3715967101> (DF)
00:52:02.476328 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 243361:244801(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
00:52:02.476335 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 244801:246241(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
00:52:02.763498 ftp.proxad.net.www > hello.atwork.info.50031: . ack 1 win 109 <nop,nop,timestamp 4045426174 3421550309> (DF)
00:52:02.763518 hello.atwork.info.50031 > ftp.proxad.net.www: . ack 262089 win 0 <nop,nop,timestamp 3421550310 0> (DF)
00:52:02.765519 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 243361 win 65520 <nop,nop,timestamp 858590293 3715967102> (DF)
00:52:02.765568 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 246241:247681(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
00:52:02.765576 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 247681:249121(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
00:52:02.765586 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 249121:250561(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
00:52:02.974385 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 246241 win 65520 <nop,nop,timestamp 858590295 3715967102> (DF)
00:52:02.974421 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 250561:252001(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590295> (DF) [tos 0x10]
00:52:02.974429 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 252001:253441(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590295> (DF) [tos 0x10]
^C
631 packets received by filter
0 packets dropped by kernel

I have some questions ;-)
On the iMac, is the traffic encrypted? The ISP can't see what I download?
On the OpenBSD box, it seems to me that the traffic is not encrypted while my iMac is downloading? The ISP can see what I download (from both sides)?

Can you advise me?
Or perhaps there is an easier solution to achieve my goal?

Thanks

Last edited by Carpetsmoker; 6th April 2010 at 08:21 PM. Reason: Add [code] tags for readability
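
The capture in the post contains two kinds of flows on rl0: the SSH session between the home host and hello.atwork.info, and a separate connection from hello.atwork.info to ftp.proxad.net on the www port. The following is an added example, not part of the original post, that groups tcpdump lines of this form by flow and labels each leg by service port. The sample lines are copied from the capture above; the port-to-label table and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Four lines copied from the capture in the post, plus tcpdump's "^C" trailer.
SAMPLE = """\
00:52:02.269468 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 241921:243361(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590288> (DF) [tos 0x10]
00:52:02.476293 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 240481 win 65520 <nop,nop,timestamp 858590290 3715967101> (DF)
00:52:02.763498 ftp.proxad.net.www > hello.atwork.info.50031: . ack 1 win 109 <nop,nop,timestamp 4045426174 3421550309> (DF)
00:52:02.763518 hello.atwork.info.50031 > ftp.proxad.net.www: . ack 262089 win 0 <nop,nop,timestamp 3421550310 0> (DF)
^C
"""

# Assumption: the label reflects the usual protocol on that port; the
# payload itself is not inspected.
LEGS = {"ssh": "encrypted", "22": "encrypted", "www": "cleartext", "80": "cleartext"}

LINE = re.compile(r"^\S+ (\S+) > (\S+): (.*)$")
PAYLOAD = re.compile(r"\d+:\d+\((\d+)\)")  # sequence range with payload length


def split_endpoint(endpoint):
    """'hello.atwork.info.ssh' -> ('hello.atwork.info', 'ssh')."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def summarize(capture):
    """Group packets per (client, server, service) and label each leg."""
    flows = defaultdict(lambda: {"packets": 0, "payload_bytes": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "^C" and the packet counters
        (shost, sport), (dhost, dport) = map(split_endpoint, m.group(1, 2))
        # The side on a known service port is the server; otherwise assume dst.
        key = (dhost, shost, sport) if sport in LEGS else (shost, dhost, dport)
        size = PAYLOAD.search(m.group(3))
        flows[key]["packets"] += 1
        flows[key]["payload_bytes"] += int(size.group(1)) if size else 0
    return {k: {**v, "leg": LEGS.get(k[2], "unknown")} for k, v in flows.items()}


if __name__ == "__main__":
    for (client, server, service), info in summarize(SAMPLE).items():
        print(f"{client} -> {server} [{service}]: {info}")
```

On the sample, the flow to the ssh port is labelled encrypted and the flow from hello.atwork.info to the www port is labelled cleartext, which is the leg visible to anyone on the path between the OpenBSD box and the download server.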