encrypt my downloads
I want to encrypt my downloads. Can you take a look at what I did?

At work, I can use a public IP address (static) for an OpenBSD box (SDSL). At home, I have a dynamic IP address.

Code:
    AT WORK--------------------------------ssh_tunnel------------------AT Home
    OpenBSD_Box_ssh_Server--------((Internet))-------Apple imac

Code:
    ssh -D 1080 hello.atwork.info

On the OpenBSD box (only 1 NIC) sshd is running, my pf.conf:

Code:
    set skip on lo
    set block-policy drop
    nat on egress from rl0:network -> egress
    block in log on egress
    pass in log inet proto tcp from any to any port 22
    pass out

Code:
    00:52:02.269468 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 241921:243361(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590288> (DF) [tos 0x10]
    00:52:02.476293 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 240481 win 65520 <nop,nop,timestamp 858590290 3715967101> (DF)
    00:52:02.476328 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 243361:244801(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
    00:52:02.476335 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 244801:246241(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590290> (DF) [tos 0x10]
    00:52:02.763498 ftp.proxad.net.www > hello.atwork.info.50031: . ack 1 win 109 <nop,nop,timestamp 4045426174 3421550309> (DF)
    00:52:02.763518 hello.atwork.info.50031 > ftp.proxad.net.www: . ack 262089 win 0 <nop,nop,timestamp 3421550310 0> (DF)
    00:52:02.765519 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 243361 win 65520 <nop,nop,timestamp 858590293 3715967102> (DF)
    00:52:02.765568 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 246241:247681(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
    00:52:02.765576 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 247681:249121(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
    00:52:02.765586 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 249121:250561(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590293> (DF) [tos 0x10]
    00:52:02.974385 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 246241 win 65520 <nop,nop,timestamp 858590295 3715967102> (DF)
    00:52:02.974421 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 250561:252001(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590295> (DF) [tos 0x10]
    00:52:02.974429 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 252001:253441(1440) ack 144 win 17280 <nop,nop,timestamp 3715967103 858590295> (DF) [tos 0x10]
    ^C
    631 packets received by filter
    0 packets dropped by kernel

On the imac computer, traffic is encrypted? ISP can't see what I download?
On the openbsd_box, it seems to me that traffic is not encrypted while my imac is downloading?...? ISP can see what I download (from both sides)?
Can you advise me? Or perhaps you have an easier solution to achieve my goal?
Thanks

Last edited by Carpetsmoker; 6th April 2010 at 08:21 PM. Reason: Add [code] tags for readability
|
|||
The encryption ceases at the end point, your home system.. the traffic would be encrypted between your work and home, but it couldn't possibly be encrypted after that point as communications with the remote host (...like whatismyip.org) would be just HTTP, not HTTPS.
There is no way to do what you ask unless the remote services you're accessing support encryption.. and I'm not sure if HTTPS can be negotiated over a SOCKS proxy, OpenSSH does support other types of tunnels though.
|
|||
Thanks.
I saw software like ipredator.se and anchorfree.com. Is it not possible to build a thing like that, and so: encrypt downloads & hide them from our ISP?
|
|||
Re to Nightweaver
Your traffic from you to Proxy will be encrypted, but from your proxy to internet : Nothing will be encrypted...
|
|
|||
Even with services like ipredator, the tunneled traffic is encrypted between your system and theirs.. so your own provider can't easily (..if at all) determine what you're downloading, but theirs can.
They make the connections on your behalf, unencrypted on their end.. and someone can still eavesdrop-on/tamper-with the contents en route to the destination. Encrypt "content", not the communication channel.
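An added example, not part of any post in this thread: a small Python parser for tcpdump output in the format of the capture in the first post, which groups packets into client-to-server legs and marks which legs an on-path observer can read. The port-to-protocol tables are assumptions, and the sample is four packet lines plus the trailer copied from that capture.

```python
import re

# Port as tcpdump prints it (name or number) -> protocol. Assumed lists, extend as needed.
ENCRYPTED = {"ssh": "SSH", "22": "SSH", "https": "TLS", "443": "TLS"}
CLEARTEXT = {"www": "HTTP", "http": "HTTP", "80": "HTTP", "ftp": "FTP", "21": "FTP"}
# time src > dst: flags [first:last(payload_len)] ...
PACKET = re.compile(r"^\S+ (\S+) > (\S+): \S+(?: \d+:\d+\((\d+)\))?")

# Four packet lines and the trailer, copied from the capture in the first post.
SAMPLE = """\
00:52:02.269468 hello.atwork.info.ssh > kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017: . 241921:243361(1440) ack 144 win 17280 <nop,nop,timestamp 3715967102 858590288> (DF) [tos 0x10]
00:52:02.476293 kikoo-107-1-32-186.w90-43.abo.wanadoo.fr.50017 > hello.atwork.info.ssh: . ack 240481 win 65520 <nop,nop,timestamp 858590290 3715967101> (DF)
00:52:02.763498 ftp.proxad.net.www > hello.atwork.info.50031: . ack 1 win 109 <nop,nop,timestamp 4045426174 3421550309> (DF)
00:52:02.763518 hello.atwork.info.50031 > ftp.proxad.net.www: . ack 262089 win 0 <nop,nop,timestamp 3421550310 0> (DF)
^C
631 packets received by filter
"""

def endpoint(text):
    """Split tcpdump's 'host.port' at the last dot."""
    host, _, port = text.rpartition(".")
    return host, port

def summarize(capture):
    """Group packets into (client, server) legs and flag each as protected or not."""
    legs = {}
    for line in capture.splitlines():
        m = PACKET.match(line.strip())
        if not m:
            continue  # "^C" and the packet counters
        src, dst = endpoint(m.group(1)), endpoint(m.group(2))
        # The side using a known service port is treated as the server.
        for server, client in ((src, dst), (dst, src)):
            proto = ENCRYPTED.get(server[1]) or CLEARTEXT.get(server[1])
            if proto:
                break
        else:  # no known port: keep direction as seen, count as unprotected
            server, client, proto = dst, src, "unknown"
        leg = legs.setdefault((client[0], server[0]), {
            "proto": proto, "protected": server[1] in ENCRYPTED,
            "packets": 0, "payload": 0})
        leg["packets"] += 1
        leg["payload"] += int(m.group(3) or 0)
    return legs

def exposed(legs):
    """Legs whose contents are readable on the wire, e.g. by the proxy's ISP."""
    return sorted(k for k, v in legs.items() if not v["protected"])

if __name__ == "__main__":
    print(exposed(summarize(SAMPLE)))
```

Run against a capture taken on the SSH server's egress interface, the only unprotected leg reported is the one from the OpenBSD box to the download site.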