sshuttle VPN (2011-04)
apenwarr
Avery's presentation about sshuttle at LinuxFest Northwest 2011 in Bellingham, WA.
1.
Sshuttle, the unilateral VPN
Avery Pennarun, 2011-04-30
2.
3.
4.
Virtually all implementations are incompatible
5.
Not designed for NAT
6.
Requires kernel-level support
7.
Bloats packets
8.
Requires a genius to configure
9.
10.
Free
11.
Still requires kernel-level support
12.
Still hard to configure
13.
14.
15.
Easy to set up: often installed by default
16.
Works with simple password authentication
17.
But allows fancy public key crypto
18.
Sucks at port forwarding
19.
20.
Works with any ssh server
21.
Exactly as easy as ssh
22.
Leaves all the crypto to ssh
23.
Gets through NAT as easily as ssh
24.
Needs no admin access on the server
25.
26.
But when carrying TCP over TCP, the inner TCP never experiences packet loss because the outer TCP fixes it
27.
28.
How do they know the link between is only 1 MBit?
29.
30.
The slow link drops packets if you send too fast
31.
And TCP notices this and slows down
32.
33.
How do they know to transmit at only 500 kbits each?
34.
35.
36.
37.
38.
39.
People see routers dropping packets and try to “fix” it by adding big buffers
40.
Your cable modem or DSL router does this
41.
The Linux kernel does this
42.
And it destroys TCP performance
43.
That's the only reason why large uploads (BitTorrent) make your Internet suck
44.
45.
...and the link is 6 MBit (600 kbytes/sec)
46.
Then you have about 0.1*600 = 60 kbytes in flight at any moment
47.
a 600 kbyte buffer means 10 seconds of latency
48.
The “right” buffer is roughly bandwidth*delay
49.
“As big as possible” is always wrong!
50.
51.
52.
Doesn't use a “tap” interface and capture packets
53.
Uses “transparent proxying” instead
54.
Kind of like the old SLiRP tool
55.
Unwinds the inner TCP and sends the payload
56.
57.
Unfails TCP Slow Start algorithm by sharing it between connections
58.
Reduces TCP/IP overhead instead of adding it (especially by merging small packets)
59.
60.
Can use simple, well-understood streaming encryption (ssh is more trustworthy than IPsec)
61.
62.
sshuttle uses a cheap hack to keep latency low even in heavy-traffic situations
63.
So if you upload and ssh at the same time, use sshuttle... it'll suck less
64.
But that's not all...
65.
66.
67.
The server always has the latest features
68.
69.
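Self-assembly: Phase 1

    # Reads the first 764 bytes of stdin and runs them as "assembler.py"
    # (Python 2 exec statement).
    ssh myserver "python -c 'import sys; skip_imports=1; verbosity=0; exec compile(sys.stdin.read(764), \"assembler.py\", \"exec\")'"

70.
Self-assembly: Phase 2

    import sys, zlib

    z = zlib.decompressobj()
    mainmod = sys.modules[__name__]
    name = 1
    while name:
        # Each module arrives as: a name line, a byte-count line, then
        # that many bytes of zlib-compressed source. An empty name ends the loop.
        name = sys.stdin.readline().strip()
        if name:
            nbytes = int(sys.stdin.readline())
            content = z.decompress(sys.stdin.read(nbytes))
            exec compile(content, name, "exec")
            # Every module name ("foo.py" -> "foo") points at this one namespace.
            mainmod.__dict__[name[:-3]] = mainmod
    main()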
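Added example (not from the slides or the sshuttle source): the wire framing that the Phase 2 loop reads, written in Python 3 with both ends shown. The function names, the sample modules and the per-chunk sync flush on the sending side are assumptions; the receiver returns the decoded sources instead of exec'ing them, which is the point to keep in mind when reviewing this design: the server runs whatever the client streams in, with the privileges of the ssh login.

```python
import io
import zlib

# Constructed sample input: two tiny "modules" standing in for the real payload.
SAMPLE_MODULES = {
    "helpers.py": "X = 1\n",
    "server.py": "def main():\n    return X + 1\n",
}


def pack_modules(modules):
    """Sender: frame {filename: source} as name line, length line, zlib chunk."""
    z = zlib.compressobj()
    out = io.BytesIO()
    for name, source in modules.items():
        # A sync flush ends each chunk on a byte boundary, so the receiver's
        # single decompressobj can decode it before any later data arrives.
        chunk = z.compress(source.encode()) + z.flush(zlib.Z_SYNC_FLUSH)
        out.write(name.encode() + b"\n")
        out.write(str(len(chunk)).encode() + b"\n")
        out.write(chunk)
    out.write(b"\n")  # an empty name line terminates the receiver's loop
    return out.getvalue()


def unpack_modules(stream):
    """Receiver: the Phase 2 read loop, returning sources rather than running them."""
    z = zlib.decompressobj()
    modules = {}
    while True:
        name = stream.readline().strip().decode()
        if not name:
            break
        nbytes = int(stream.readline().strip().decode())
        data = stream.read(nbytes)
        if len(data) != nbytes:
            raise ValueError("truncated chunk for %s" % name)
        modules[name] = z.decompress(data).decode()
    return modules


if __name__ == "__main__":
    wire = pack_modules(SAMPLE_MODULES)
    for name, source in unpack_modules(io.BytesIO(wire)).items():
        print(name, len(source), "bytes of source")
```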
71.
72.
But we make an exception for DNS
73.
Packets destined for your local nameserver get bounced to the remote one instead
74.
And answers pretend to come from your local one
75.
76.
Maybe you only want the remote computer names in your local DNS
77.
78.
reverse DNS, netstat -a
79.
and so on
80.
81.
--auto-nets just asks the server which routes are local
82.
And sets up your local routing to send those over the VPN
83.
84.
85.
Also, there is a fancy MacOS GUI
86.
Demo
87.
Questions?