
SSH: Can sniffers see where your traffic is tunneling to?

If I set up an SSH tunnel to a remote server, can a man in the middle see the IP address of that server?

Asked by: Guest | Views: 255
Total answers/comments: 2
Guest [Entry]

It depends on how the SSH tunnel is set up, but, generally speaking, there are ways to track things. Let's talk about the high-level scenario.

When I make an SSH connection to a server, the contents of my SSH conversation with that server are secure -- they're encrypted, so you have to break SSH to know what we're saying. However, the IP packets carrying that conversation cannot be encrypted, so if you were to look at one IP packet in that conversation, you'd know where I am (IP source address) and where the SSH server is (IP destination address).

In an SSH tunnel, the conversation I'm having with the server is another TCP/IP conversation to some other remote destination. So inside the tunnel, that second network connection is encrypted, but once it gets to the other end of the tunnel, it's unencrypted internet traffic.

Now. If you were to find that second conversation in the clear, all you'd see is the final destination of the conversation (IP destination address) and the SSH server (IP source address). There's not much in those packets (considering TCP/IP headers only) to differentiate it from some other internet traffic that was created on the SSH server machine; I don't believe there's anything specific in the packets that indicates SSH had anything to do with it.

That doesn't mean it can't be connected back to me -- just that you couldn't do that just by examining TCP/IP headers. For example, deep packet inspection (looking at the data payload in addition to packet headers) could certainly identify me if I'm using the tunnel to log in to my Gmail account without SSL. As another example, someone who can root the SSH server hosting my tunnel can figure out what port the tunnel is operating on, and then they can track me by TCP/IP headers.

So no, SSH tunnelling by itself will not be sufficient to hide your e-footprints from a determined tracker.
Guest [Entry]

If you're suggesting they could read your traffic by reading your destination server's "unencrypted traffic to the internet", you need to realize that the encryption goes both ways.

But yes, a man in the middle can see that server's IP address, because otherwise there'd be no way that your packets could be routed to that server. What you'd want is an anonymous proxy service in between if you need to obfuscate the systems at each end, and not just the traffic itself.
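
The two hops described in the answers above, as an added example that is not part of the original posts: it parses the unencrypted IPv4/TCP headers of one packet on each leg of a tunnel and reports what an on-path observer can read without any keys. All addresses (documentation ranges), ports and payloads are constructed sample data, and the "ciphertext" is a stand-in byte string, not real SSH output.

```python
import socket
import struct

CLIENT, SSH_SERVER, FINAL_DEST = "192.0.2.10", "198.51.100.22", "203.0.113.80"  # constructed

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (checksums left at 0) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def observer_view(packet):
    """Return what anyone on the path can read from a single packet."""
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    src = socket.inet_ntoa(packet[12:16])             # always in the clear
    dst = socket.inet_ntoa(packet[16:20])             # needed for routing
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + (packet[ihl + 12] >> 4) * 4:]
    # Crude readability check: share of printable ASCII bytes in the payload.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload_readable": bool(payload) and printable / len(payload) > 0.9}

# Leg 1: client -> SSH server. The payload stands in for SSH ciphertext, which
# carries the tunnelled connection (including its real destination).
LEG1 = build_packet(CLIENT, SSH_SERVER, 50000, 22, bytes(range(128, 192)))

# Leg 2: SSH server -> final destination. Plain HTTP once it leaves the tunnel.
LEG2 = build_packet(SSH_SERVER, FINAL_DEST, 40001, 80,
                    b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in (("between client and SSH server", LEG1),
                      ("between SSH server and destination", LEG2)):
        v = observer_view(pkt)
        print(f"{name}: {v['src']}:{v['sport']} -> {v['dst']}:{v['dport']}, "
              f"payload readable: {v['payload_readable']}")
```

On the first leg the observer learns the client and SSH server addresses but not the final destination; on the second leg the destination and payload are visible, with the SSH server as the apparent source.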