glennji.com

Because life's too short to save your work

networking

Sep 20

Reverse SSH tunnels

So I described why SSH, and SSH tunnelling, is so cool -- you can effectively port-forward over an encrypted channel to any accessible host at the other end.  So I'm running a VNC server at home (so I can have X-Windows applications without a physical display, and have them continue to run when I disconnect), and I can fire up a remote desktop at work by entering localhost:5900 as my VNC server.  It's a "forward tunnel".

But it's "reverse tunnels" that are really cool, because they allow me to connect to an RDP service (Terminal Services) at work from home.  Firewalls will often maintain connection-state information, so they can be configured to only allow connections to be established from "inside" to "outside".

With a reverse tunnel, the connection is established from inside (work) to outside (home) whilst I'm still in the office ... but when I get home I can piggyback on the reverse tunnel and get back into the work network!

C'mon, that's cool
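To make the two directions concrete, here is an added example (not part of the original post): a small Python audit helper that reads `ssh` command lines, as you might see them in a process listing, and reports which ones open a forward (`-L`) or reverse (`-R`) tunnel and on which end the listening port appears. The host names and sample command lines are constructed, and only the plain `[bind_address:]port:host:hostport` form of OpenSSH's `-L`/`-R` options is handled.

```python
import shlex
from typing import NamedTuple, Optional

ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")  # common ssh options that take a value
WILDCARD = {"", "*", "0.0.0.0"}          # bind addresses meaning "all interfaces"

class Tunnel(NamedTuple):
    kind: str        # "forward" (-L) or "reverse" (-R)
    listens_on: str  # -L listens on the ssh client, -R on the ssh server
    bind: str        # requested bind address (assumed "localhost" if omitted)
    port: int        # listening port
    target: str      # host:port reached through the tunnel
    wide_open: bool  # listener requested on all interfaces

def parse_spec(flag: str, spec: str) -> Optional[Tunnel]:
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "localhost")
    if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
        return None  # "-R port", bracketed IPv6 and socket paths are not handled
    bind, port, host, hostport = parts
    kind, side = ("forward", "client") if flag == "L" else ("reverse", "server")
    return Tunnel(kind, side, bind, int(port), f"{host}:{hostport}", bind in WILDCARD)

def find_tunnels(cmdline: str) -> list:
    argv, found, positional, i = shlex.split(cmdline), [], 0, 1
    while i < len(argv) and positional < 2:
        tok = argv[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            positional += 1  # 1st is the destination, 2nd starts the remote command
            continue
        for j, ch in enumerate(tok[1:], start=1):  # walk clustered flags like -fNR
            if ch in ARG_OPTS:
                value = tok[j + 1:]
                if not value and i < len(argv):
                    value = argv[i]
                    i += 1
                if ch in "LR" and (t := parse_spec(ch, value)):
                    found.append(t)
                break  # the rest of this token was the option's value
    return found

# Constructed sample command lines (hosts and addresses are placeholders).
SAMPLES = [
    "ssh -L 5900:localhost:5900 me@home.example",         # VNC forward tunnel
    "ssh -fNR 3389:workpc.example:3389 me@home.example",  # RDP reverse tunnel
    "ssh -p 2222 -R *:3389:10.0.0.5:3389 me@home.example",
    "ssh me@home.example uptime -R 1:a:2",                # -R belongs to remote cmd
]
```

A `wide_open` reverse tunnel only takes effect if the server's `GatewayPorts` option allows it; otherwise the listener stays on the server's loopback interface.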

Stompbox

Take a hackable wifi router and add an EVDO card and you have a Stompbox (http://www.stompboxnetworks.com/) - a mobile wifi hotspot to carry in your car or backpack.

Wifi

"Wifi" refers to a family of wireless ([[RF]]) networking protocols under the IEEE standard 802.11a/b/g. Wifi is common in home networking, and also in the various locations that offer a "wifi hotspot".

The name is a play on the word "hi-fi", a contraction of "high fidelity" which refers to the quality of sound produced by audio equipment.

== Security ==

There are a couple of different security schemes for wifi, largely due to the evolutionary nature of the technology (i.e. new standards replacing old). Most wifi access-points will support one or more of the following:

* Open - no encryption scheme. An open access point can be used by anyone, and any traffic through it should be considered unsafe i.e. don't do anything which requires a password through an open access point, even if it's one you control!

* WEP - wired-equivalent protection. WEP was introduced with 802.11b, an early wifi standard. It has since been proven to be fairly easy to crack, and probably shouldn't be used.

* WPA/WPA2 - "wifi protected access" - A secure encryption scheme designed to replace WEP. WPA can be run with an authentication server or using preshared keys (PSK), and can use different encryption algorithms including AES.

Some people think that locking down an access point based on MAC address is also secure, but with the right software it is trivial to change your apparent MAC address to look however you like. MAC address limiting is less secure than (the already extremely insecure) WEP.

Zeroconf

Zeroconf (http://www.zeroconf.org/) is the name given to IPv4 Link Local Addressing, an auto-configuration scheme for IPv4 networks. It is used to allow network devices (such as computers, printers and embedded devices) to connect to a network and self-configure without the need for dedicated servers providing services such as [[DHCP]] and [[DNS]].