DaemonForums  

encrypt my downloads
Simon, 6th April 2010

I want to encrypt my downloads. Can you take a look at what I did?

At work, I can use a public IP address (static) for an OpenBSD box (SDSL).
At home, I have a dynamic IP address.

Code:
 AT WORK--------------------------------ssh_tunnel------------------AT Home
OpenBSD_Box_ssh_Server--------((Internet))-------Apple imac

So on my iMac I use:
Code:
ssh -D 1080 hello.atwork.info

The tunnel is OK. Afterwards I add the SOCKS proxy: 127.0.0.1 port 1080

On the OpenBSD box (only 1 NIC), sshd is running. My pf.conf:
Code:
set skip on lo
set block-policy drop
nat on egress from rl0:network -> egress
block in log on egress
pass in log inet proto tcp from any to any port 22
pass out

When I use Safari on the iMac and type http://whatismyip.org, I can see the IP address of hello.atwork.info, so it works. I launched a download on the iMac, then I tried "tcpdump -i rl0" on the OpenBSD box while my iMac was downloading:

Code:
00:52:02.269468 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 241921:243361(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590288> (DF) [tos 0x10]
00:52:02.476293 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 240481 win 65520 <nop,nop,timestamp 858590290 3715967101> (DF)
00:52:02.476328 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 243361:244801(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
00:52:02.476335 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 244801:246241(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
00:52:02.763498 ftp.proxad.net.www > hello.atwork.info.50031: . ack 1 win 109 <nop,nop,timestamp 4045426174 3421550309> (DF)
00:52:02.763518 hello.atwork.info.50031 > ftp.proxad.net.www: . ack 262089 win 0 <nop,nop,timestamp 3421550310 0> (DF)
00:52:02.765519 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 243361 win 65520 <nop,nop,timestamp 858590293 3715967102> (DF)
00:52:02.765568 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 246241:247681(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
00:52:02.765576 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 247681:249121(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
00:52:02.765586 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 249121:250561(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
00:52:02.974385 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 246241 win 65520 <nop,nop,timestamp 858590295 3715967102> (DF)
00:52:02.974421 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 250561:252001(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590295> (DF) [tos 0x10]
00:52:02.974429 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 252001:253441(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590295> (DF) [tos 0x10]
^C
631 packets received by filter
0 packets dropped by kernel

I have some questions ;-)
On the iMac, is the traffic encrypted? The ISP can't see what I download?
On the OpenBSD box, it seems to me that the traffic is not encrypted while my iMac is downloading? Can the ISP see what I download (from both sides)?

Can you advise me?
Or perhaps you have an easier solution to achieve my goal?

Thanks

Last edited by Carpetsmoker; 6th April 2010 at 08:21 PM. Reason: Add [code] tags for readability
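
An added example, not part of the original post: it reads tcpdump lines like the ones captured on rl0 above and labels each host pair by the service name tcpdump printed, which separates the `ssh` leg to the iMac from the `www` (plain HTTP) leg to the download server. With `ssh -D`, only the hop between the SOCKS client and sshd travels inside the SSH session. The function names and the port sets are assumptions of this example.

```python
import re
from collections import defaultdict

# Four lines copied from the capture in the post (taken on rl0 of the OpenBSD box).
CAPTURE = """\
00:52:02.476293 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 240481 win 65520 <nop,nop,timestamp 858590290 3715967101> (DF)
00:52:02.476328 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 243361:244801(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
00:52:02.763498 ftp.proxad.net.www > hello.atwork.info.50031: . ack 1 win 109 <nop,nop,timestamp 4045426174 3421550309> (DF)
00:52:02.763518 hello.atwork.info.50031 > ftp.proxad.net.www: . ack 262089 win 0 <nop,nop,timestamp 3421550310 0> (DF)
"""

# Assumption of this example: classify a leg by the service name or number tcpdump
# printed. A port label is a hint about the protocol, not proof of encryption.
ENCRYPTED = {"ssh", "22", "https", "443"}
CLEARTEXT = {"www", "http", "80", "ftp", "21"}

LINE = re.compile(r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
PAYLOAD = re.compile(r"\d+:\d+\((\d+)\)")  # seq range, e.g. 243361:244801(1440)


def split_endpoint(endpoint):
    """'hello.atwork.info.ssh' -> ('hello.atwork.info', 'ssh')."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def classify(ports):
    if ports & ENCRYPTED:
        return "encrypted"
    if ports & CLEARTEXT:
        return "cleartext"
    return "unknown"


def summarize(capture):
    """Group packets by host pair; return {(host_a, host_b): {...}}."""
    legs = defaultdict(lambda: {"packets": 0, "payload_bytes": 0, "state": "unknown"})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip "^C", packet counters, blank lines
        (src, sport), (dst, dport) = split_endpoint(m["src"]), split_endpoint(m["dst"])
        leg = legs[tuple(sorted((src, dst)))]
        leg["packets"] += 1
        size = PAYLOAD.search(m["rest"])
        leg["payload_bytes"] += int(size.group(1)) if size else 0
        leg["state"] = classify({sport, dport})
    return dict(legs)


if __name__ == "__main__":
    for hosts, leg in summarize(CAPTURE).items():
        print(" <-> ".join(hosts), leg)
```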