Breaking Firewalls with OpenSSH

<body background="../../../images/top.png" bgcolor="#FFFFFF"> <table width="100%" cellspacing="0" cellpadding="0" summary=""> <tr> <td align="left" valign="top" rowspan="2" width="99%"><img src="../../../images/toptext_Johannes-Linux-talks.png" alt= "Johannes Linux talks" width="348" height="53" /></td> <td rowspan="2" align="center" valign="bottom"><img src="../../../images/dieseseite.en.png" alt="This page:" width="59" height="19" /></td> <td rowspan="2"><img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border="0" /></td> <td align="center" valign="top"><a href="ssh3_inhalt.en.html" target="_parent"><img src="../../../images/empty.png" alt="no frames" border="0" width="23" height="30" /></a></td> <td rowspan="2"><img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border="0" /></td> <td align="center" valign="top"> <div title="Size: 151 kB"><a href="ssh3.en.pdf" target="_blank"><img src="../../../images/pdffile.png" alt="-->" border="0" width="30" height="30" /></a></div> </td> <td rowspan="2"><img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border="0" /></td> <td align="center" valign="top"><a href="ssh3.de.html" target="_top"><img src="../../../images/germanflag.png" alt= "-->" border="0" width="27" height="23" /></a></td> </tr> <tr> <td align="center" valign="bottom"><script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <a href="ssh3_inhalt.en.html" target="_parent" onmouseover= "ro_imgOver('ro_img_unknown1', 'without frameset'); return true" onmouseout= "ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'without frameset'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src= "../../../images/noframes-std.en.png" alt="without frameset" width="95" height="19" border="0" /></a></td> <td align="center" valign="bottom"> <div title="Size: 151 kB"><script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <a href="ssh3.en.pdf" target="_blank" onmouseover="ro_imgOver('ro_img_unknown2', 'save as PDF'); return true" onmouseout="ro_imgNormal('ro_img_unknown2'); return true" onfocus= "ro_imgOver('ro_img_unknown2', 'save as PDF'); return true" onblur= "ro_imgNormal('ro_img_unknown2'); return true"><img name="ro_img_unknown2" src="../../../images/PDF-std.en.png" alt= "save as PDF" width="71" height="19" border="0" /></a></div> </td> <td align="center" valign="bottom"><script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <a href="ssh3.de.html" target="_top" onmouseover="ro_imgOver('ro_img_unknown3', 'auf Deutsch'); return true" onmouseout="ro_imgNormal('ro_img_unknown3'); return true" onfocus= "ro_imgOver('ro_img_unknown3', 'auf Deutsch'); return true" onblur= "ro_imgNormal('ro_img_unknown3'); return true"><img name="ro_img_unknown3" src="../../../images/Sprache-std.en.png" alt="auf Deutsch" width="69" height="19" border="0" /></a></td> </tr> </table> <p align="center"><img src="ssh/ssh.png" alt="" width="520" height="155" /></p> <div align="center"> <h1 class="subject">OpenSSH<br /> Section 3: Breaking Firewalls</h1> </div> <br /> <p align="center"><strong>Johannes Franken<br /></strong><kbd><jfranken@jfranken.de></kbd></p> <br /> <br /> On this page I show you, how to hide ssh in other protocols and tunnel it through firewalls.<br /> <br /> <table summary=""> <tr> <td bgcolor="#FFAAAA" class="border"><strong>Caution:</strong><br /> Passing security systems is forbidden. In this talk I try to establish an understanding for security vulnerabilities, so that you can protect yourself.</td> </tr> </table> <h1>Contents</h1> <ol type="1"> <li><a href="#ToC1"><strong>Motivation</strong></a></li> <li><a href="#ToC2"><strong>Using open ports</strong></a></li> <li><a href="#ToC3"><strong>Using existing proxy-servers</strong></a> <ol type="a"> <li><a href="#ToC4"><strong>ssh over http</strong></a> <ol type="i"> <li><a href="#ToC5"><strong>httptunnel</strong></a></li> </ol> </li> <li><a href="#ToC6"><strong>ssh over https</strong></a> <ol type="i"> <li><a href="#ToC7"><strong>ssh-https-tunnel</strong></a></li> <li><a href="#ToC8"><strong>transconnect</strong></a></li> <li><a href="#ToC9"><strong>proxytunnel</strong></a></li> </ol> </li> </ol> </li> <li><a href="#ToC10"><strong>Recommendations</strong></a></li> <li><a href="#ToC11"><strong>Further readings</strong></a></li> </ol> <h1><a name="ToC1">Motivation</a></h1> ssh-connections pose an enormous risk to companies, as employees can use them to setup tunnels and transfer files, disregarding of any Logfiles and virus scanners. <p align="center"><img src="ssh/vorbei.png" width="640" alt="" height="113" /></p> <p>That's why many companies disallow access to port 22 of any Internet adresses on their router- and firewall-devices. But, since today practically no company can abstain from access to the Internet, they usually have certain holes in their firewall policies. In this talk I will show you, how to explore and (ab?)use them for ssh connections.</p> <p>Applying your knowledge from <a href="ssh2.en.html" target="_parent">part 2</a> (particularly ppp-over-ssh), it is trivial to make arbitrary IP-connections through almost any firewall.</p> <div class="pagebreak"> </div>  <h1><a name="ToC2">Using open ports</a></h1> First you should check if the firewall basically lets certain ports pass. I recommend using the <kbd>nmap</kbd> portscanner of <a href="http://www.nmap.org" target="_blank">www.nmap.org</a>:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> root@hamster$ <strong>nmap -sA -p 1-65535 www.jfranken.de</strong> Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) Interesting ports on www.jfranken.de (195.88.176.20): (The 21 ports scanned but not shown below are in state: filtered) Port State Service 25/tcp UNfiltered smtp 80/tcp UNfiltered http 443/tcp UNfiltered https Nmap run completed -- 1 IP address (1 host up) scanned in 5138 seconds </pre></td> </tr> </table> </div> <br /> <p>If there's even one single port found to be <kbd>unfiltered</kbd> (like port 80 in this example), you can run another <kbd>sshd</kbd> on that port at your server:</p> <p align="center"><img src="ssh/andererport1.png" width="640" alt="" height="147" /></p> or redirect queries from that port to port 22 using <kbd>ssh</kbd>, <kbd>inetd</kbd>/<kbd>nc</kbd>, <kbd>xinetd</kbd> or firewall rules: <p align="center"><img src="ssh/andererport2.png" width="640" alt="" height="147" /></p> <p>For an example, see <a href="ssh2.en.html" target="_parent">Part 2</a>.</p> For the client side, either supply the parameter <kbd>-p 80</kbd> to every call to ssh, or permanently configure the port in <kbd>~/.ssh/config</kbd>:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> Host www.jfranken.de Port 80 User jfranken </pre></td> </tr> </table> </div> <br /> <div class="pagebreak"> </div>  <h1><a name="ToC3">Using existing proxy-servers</a></h1> If (according to <kbd>nmap</kbd>) your box can't access any port in the Internet, but you've got web-access via proxy-servers, you can have that proxy-server forward your ssh-connections to the Internet. <h2><a name="ToC4">ssh over http</a></h2> <h3><a name="ToC5">httptunnel</a></h3> <kbd>httptunnel</kbd> makes a remote server's tcp port locally available. The connection runs over two little programs (<kbd>hts</kbd> and <kbd>htc</kbd>), which communicate in http like a browser and webserver. <p align="center"><img src="ssh/httptunnel2.png" width="640" alt="" height="117" /></p> <p>Setup:</p> <ul> <li>on the server (as root, because port 80 < 1024):<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ hts --no-daemon --forward-port localhost:22 80 </pre></td> </tr> </table> </div> <br /></li> <li>on the client:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ htc --no-daemon --forward-port 8888 --proxy proxy:8080 --proxy-authorization jfranken:geheim hamster:80 & $ ssh -p 8888 -o NoHostAuthenticationForLocalhost=yes localhost </pre></td> </tr> </table> </div> <br /></li> </ul> <p>My version of httptunnel (v3.3) still has some bugs:</p> <ul> <li>only one connection at a time can use the tunnel</li> <li>a bug makes <kbd>hts</kbd> miss the end of proxied connections. You have to kill and restart it after each session.</li> </ul> <br /> <table summary=""> <tr> <td bgcolor="#FFFFAA" class="border"><strong>More about:</strong><br /> see: <a href="http://www.nocrew.org/software/httptunnel.html" target="_blank">httptunnel homepage</a></td> </tr> </table> <div class="pagebreak"> </div>  <h2><a name="ToC6">ssh over https</a></h2> <p align="center"><img src="ssh/ssh-https-tunnel.png" width="640" alt="" height="117" /></p> <h3><a name="ToC7">ssh-https-tunnel</a></h3> The perl-script <a href="http://www.snurgle.org/~griffon/ssh-https-tunnel" target="_blank">ssh-https-tunnel</a> sends a CONNECT-request to your proxy-server, thus directing it to open a TCP-connection with a remote host's port. Then it will allow communication to that port at stdin/stdout. <p>An <a href="http://www.aschemann.net/download/ssh-https-tunnel/" target="_blank">update</a> by Gerd Aschemann <kbd><gerd@aschemann.net></kbd> simplifies the configuration, so that you don't need to store the proxy settings in the source code any more, because it will read them from your <kbd>HTTP_PROXY</kbd> environment variable or the file <kbd>~/.ssh/https-proxy.conf</kbd>.<br /></p> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ <strong>HTTP_PROXY=http://proxy:8080 ./ssh-https-tunnel gate.jfranken.de 25</strong> 220 gate.jfranken.de ESMTP Exim 3.35 #1 Fri, 13 Sep 2002 18:08:13 +0200 <strong>HELO abc</strong> 250 gate.jfranken.de Hello proxy.jfranken.de [192.168.42.2] <strong>QUIT</strong> 221 gate.jfranken.de closing connection $ </pre></td> </tr> </table> </div> <br /> This is what the proxyservers loggs, after the connection is over:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> proxy:~# <strong>tail -1 /var/log/squid/access.log| fmt</strong> 1031933305.366 11857 192.168.42.20 TCP_MISS/200 213 CONNECT gate.jfranken.de:25 - DIRECT/192.168.42.1 - </pre></td> </tr> </table> </div> <br /> <p>Of course, you can also drive ssh through such a tunnel. If the proxyserver is well configured or sitting behind a firewall, https-connections might be allowed to port 443 only. In this case, you can start another ssh-demon on port 443 or forward it to your already running sshd on port 22 (for example with <kbd>ssh -gL 443:localhost:22 localhost</kbd>) or xinetd).</p> <p>Setup:</p> <ul> <li>append the following lines to your <kbd>~/.ssh/config</kbd> file:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> host gate.jfranken.de ProxyCommand ~/.ssh/ssh-https-tunnel %h %p Port 443 </pre></td> </tr> </table> </div> <br /></li> <li>store the proxyserver in the file <kbd>~/.ssh/https-proxy.conf</kbd>:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> host=proxy port=8080 </pre></td> </tr> </table> </div> <br /></li> </ul> <p>And from now on the connection to the ssh-demon at <kbd>gate:443</kbd> will take it's way via the proxyserver:<br /></p> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ <strong>ssh -v gate.jfranken.de</strong> OpenSSH_3.4p1 Debian 1:3.4p1-2, SSH protocols 1.5/2.0, OpenSSL 0x0090605f debug1: Reading configuration data /export/home/jfranken/.ssh/config debug1: Applying options for gate.jfranken.de debug1: Applying options for * [...] debug1: Executing proxy command: ~/.ssh/ssh-https-tunnel gate.jfranken.de 443 [...] debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9.9p2 [...] Last login: Fri Sep 13 18:28:31 2002 from p5080d740.dip.t-dialin.net Have a lot of fun... jfranken@gate:~$ </pre></td> </tr> </table> </div> <br /> <h3><a name="ToC8">transconnect</a></h3> <kbd>transconnect</kbd> is a C-library, which replaces the connect-function of glibc in a way, so that any connection establishment is directed over a proxy server. Thus it will work for dynamically linked binaries only (check with <kbd>ldd</kbd>). It's advantage over any port-based tunneling tool is it's flexibility: it will automatically direct <em>any</em> port over the proxyserver.<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ <strong>LD_PRELOAD=~/.tconn/tconn.so netcat hamster daytime</strong> Sat Sep 14 11:25:49 2002 </pre></td> </tr> </table> </div> <br /> <p>see <a href="http://transconnect.sourceforge.net/" target="_blank">transconnect Project Home Page</a></p> <h3><a name="ToC9">proxytunnel</a></h3> <kbd>proxytunnel</kbd> is a C-program, and makes a remote port behind an https proxyserver locally available - either as pipe or listening port. You can even configure it to start on demand (from inetd). <p>It's got a straight syntax:<br /></p> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ <strong>./proxytunnel-linux-i386 --help</strong> Proxytunnel 1.1.0 Jos Visser (Muppet) <josv@osp.nl>, Mark Janssen (Maniac) <maniac@maniac.nl> Purpose: Build generic tunnels trough HTTPS proxy's, supports HTTP authorization Usage: Proxytunnel [OPTIONS]... -h --help Print help and exit -V --version Print version and exit -c --config=FILE Read config options from file (FIXME) -i --inetd Run from inetd (default=off) -a INT --standalone=INT Run as standalone daemon on specified port -f --nobackground Don't for to background in standalone mode (FIXME) -u STRING --user=STRING Username to send to HTTPS proxy for auth -s STRING --pass=STRING Password to send to HTTPS proxy for auth -g STRING --proxyhost=STRING HTTPS Proxy host to connect to -G INT --proxyport=INT HTTPS Proxy portnumber to connect to -d STRING --desthost=STRING Destination host to built the tunnel to -D INT --destport=INT Destination portnumber to built the tunnel to -n --dottedquad Convert destination hostname to dotted quad -v --verbose Turn on verbosity (default=off) -q --quiet Suppress messages (default=off) Examples: Proxytunnel [ -h | -V ] Proxytunnel -i [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ] Proxytunnel -a port [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ] </pre></td> </tr> </table> </div> <br /> <p>Examples:</p> <ul> <li>as pipe:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ <strong>ssh -o ProxyCommand=./proxytunnel-linux-i386 -g proxy -G 8080 -d %h -D %p' gate</strong> Connected to proxy:8080 Starting tunnel Linux gate 2.2.19 #5 Wed May 1 20:15:01 CEST 2002 i586 unknown You have mail. Last login: Sat Sep 14 10:38:58 2002 from tp.jfranken.de jfranken@gate:~/ $ </pre></td> </tr> </table> </div> <br /></li> <li>as portforwarder:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> $ <strong>./proxytunnel-linux-i386 -a 8888 -g proxy -G 8080 -d hamster -D 22</strong> Forked into the background with pid 1524 $ <strong>ssh -p 8888 -o NoHostAuthenticationForLocalhost=yes localhost</strong> Last login: Sat Sep 14 10:54:42 2002 from gate.jfranken.de jfranken@hamster:~/ $ </pre></td> </tr> </table> </div> <br /></li> </ul> Of course, you can configure that permanently in your <kbd>~/.ssh/config</kbd> file:<br /> <div align="center"> <table summary=""> <tr> <td bgcolor="#DDDDFF" class="border" align="left"> <pre> Host gate-via-proxy Hostname gate.jfranken.de ProxyCommand "proxytunnel-linux-i386 -g proxy -G 3128 -d %h -D %p" </pre></td> </tr> </table> </div> <br /> <br /> <table summary=""> <tr> <td bgcolor="#FFFFAA" class="border"><strong>More about:</strong><br /> see: see <a href="http://proxytunnel.sourceforge.net/" target="_blank">proxytunnel project homepage</a></td> </tr> </table> <h1><a name="ToC10">Recommendations</a></h1> The best way to keep unwanted ssh-connections to the Internet from your network is to completely disallow Internet access in your LAN. Don't have proxyservers accessible to any LAN client. Have the browsers running in a DMZ and redirect their output to the workstations via X11, Citrix Metaframe, VNC a.s.o. <h1><a name="ToC11">Further readings</a></h1> <ul> <li><a href="http://www.employees.org/~satch/ssh/faq/ssh-faq.html" target="_blank">The Secure Shell TM Frequently Asked Questions</a></li> <li><a href="http://www.openssh.org/" target="_blank">OpenSSH Project Page</a></li> </ul> <div class="noprint"> <hr /> <table width="100%" summary=""> <tr> <td align="left" valign="middle"><font size="-2">$Id: ssh3.wml,v 1.32 2006/01/08 18:52:11 jfranken Exp $ <a href= "ssh3.log.html">[ChangeLog]</a><br /> $Id: template.inc,v 1.82 2010-09-04 12:58:17 jfranken Exp $ <a href="../../../template.log.html">[ChangeLog]</a><br /> © Johannes Franken. <a href="../../../impressum/rechtliches.en.html" target="_parent">Imprint and disclaimer</a></font></td> <td align="right" valign="middle"><a href="http://validator.w3.org/check/referer" target="w3c"><img border="0" src= "../../../images/valid-xhtml10.png" alt="Valid XHTML 1.0!" width="88" height="31" /></a></td> </tr> </table> </div> <hr /> <h1>Navigation:</h1> <font size="1"><script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <a href="../../../startseite.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_startseite', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_startseite'); return true" onfocus="nb_imgOver('nb_img1_startseite', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_startseite'); return true"><img name="nb_img1_startseite" src= "../../../images/startseite-std.en.png" border="0" alt="Home" width="52" height="26" /></a><br /> <a href="../../../unternehmen.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_unternehmen', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_unternehmen'); return true" onfocus="nb_imgOver('nb_img1_unternehmen', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_unternehmen'); return true"><img name="nb_img1_unternehmen" src= "../../../images/unternehmen-std.en.png" border="0" alt="Company" width="80" height="26" /></a><br /> <a href="../../../homepages.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_homepages', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_homepages'); return true" onfocus= "nb_imgOver('nb_img1_homepages', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_homepages'); return true"><img name="nb_img1_homepages" src= "../../../images/homepages-std.en.png" border="0" alt="Homepages" width="98" height="26" /></a> <script type= "text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script><br /> <img src="../../../images/transparentpixel.png" alt=" " width="10" height="1" align="bottom" border="0" /><a href= "../../../homepages/johannes.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_johannes', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_johannes'); return true" onfocus="nb_imgOver('nb_img1_johannes', 0, ''); return true" onblur="nb_imgNormal('nb_img1_johannes'); return true"><img name="nb_img1_johannes" src= "../../../images/johannes-std.en.png" border="0" alt="Johannes" width="76" height="26" /></a> <script type= "text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_vortraege', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_vortraege'); return true" onfocus="nb_imgOver('nb_img1_vortraege', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_vortraege'); return true"><img name="nb_img1_vortraege" src= "../../../images/vortraege-std.en.png" border="0" alt="Talks" width="46" height="26" /></a> <script type= "text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/apache.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_apache', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_apache'); return true" onfocus= "nb_imgOver('nb_img1_apache', 0, ''); return true" onblur="nb_imgNormal('nb_img1_apache'); return true"><img name= "nb_img1_apache" src="../../../images/apache-std.en.png" border="0" alt="apache" width="58" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/bind.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_bind', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_bind'); return true" onfocus= "nb_imgOver('nb_img1_bind', 0, ''); return true" onblur="nb_imgNormal('nb_img1_bind'); return true"><img name= "nb_img1_bind" src="../../../images/bind-std.en.png" border="0" alt="bind" width="35" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/flypaper.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_flypaper', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_flypaper'); return true" onfocus="nb_imgOver('nb_img1_flypaper', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_flypaper'); return true"><img name="nb_img1_flypaper" src="../../../images/flypaper-std.en.png" border="0" alt="flypaper" width="66" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/lsof.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_lsof', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_lsof'); return true" onfocus= "nb_imgOver('nb_img1_lsof', 0, ''); return true" onblur="nb_imgNormal('nb_img1_lsof'); return true"><img name= "nb_img1_lsof" src="../../../images/lsof-std.en.png" border="0" alt="lsof" width="29" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/linux1.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_linux1', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_linux1'); return true" onfocus= "nb_imgOver('nb_img1_linux1', 0, ''); return true" onblur="nb_imgNormal('nb_img1_linux1'); return true"><img name= "nb_img1_linux1" src="../../../images/linux1-std.en.png" border="0" alt="Linux 1" width="61" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/linux2.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_linux2', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_linux2'); return true" onfocus= "nb_imgOver('nb_img1_linux2', 0, ''); return true" onblur="nb_imgNormal('nb_img1_linux2'); return true"><img name= "nb_img1_linux2" src="../../../images/linux2-std.en.png" border="0" alt="Linux 2" width="62" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/linux3.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_linux3', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_linux3'); return true" onfocus= "nb_imgOver('nb_img1_linux3', 0, ''); return true" onblur="nb_imgNormal('nb_img1_linux3'); return true"><img name= "nb_img1_linux3" src="../../../images/linux3-std.en.png" border="0" alt="Linux 3" width="62" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/vi.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_vi', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_vi'); return true" onfocus= "nb_imgOver('nb_img1_vi', 0, ''); return true" onblur="nb_imgNormal('nb_img1_vi'); return true"><img name="nb_img1_vi" src="../../../images/vi-std.en.png" border="0" alt="vi" width="15" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/lamp.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_lamp', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_lamp'); return true" onfocus= "nb_imgOver('nb_img1_lamp', 0, ''); return true" onblur="nb_imgNormal('nb_img1_lamp'); return true"><img name= "nb_img1_lamp" src="../../../images/lamp-std.en.png" border="0" alt="LAMP" width="58" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/make.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_make', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_make'); return true" onfocus= "nb_imgOver('nb_img1_make', 0, ''); return true" onblur="nb_imgNormal('nb_img1_make'); return true"><img name= "nb_img1_make" src="../../../images/make-std.en.png" border="0" alt="make" width="48" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/mirroring.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_mirroring', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_mirroring'); return true" onfocus="nb_imgOver('nb_img1_mirroring', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_mirroring'); return true"><img name="nb_img1_mirroring" src= "../../../images/mirroring-std.en.png" border="0" alt="Mirroring" width="78" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/netcat.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_netcat', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_netcat'); return true" onfocus= "nb_imgOver('nb_img1_netcat', 0, ''); return true" onblur="nb_imgNormal('nb_img1_netcat'); return true"><img name= "nb_img1_netcat" src="../../../images/netcat-std.en.png" border="0" alt="netcat" width="55" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/ntpd.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_ntpd', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_ntpd'); return true" onfocus= "nb_imgOver('nb_img1_ntpd', 0, ''); return true" onblur="nb_imgNormal('nb_img1_ntpd'); return true"><img name= "nb_img1_ntpd" src="../../../images/ntpd-std.en.png" border="0" alt="Time-sync" width="86" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/rcs.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_rcs', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_rcs'); return true" onfocus= "nb_imgOver('nb_img1_rcs', 0, ''); return true" onblur="nb_imgNormal('nb_img1_rcs'); return true"><img name= "nb_img1_rcs" src="../../../images/rcs-std.en.png" border="0" alt="rcs" width="25" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/squid.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_squid', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_squid'); return true" onfocus= "nb_imgOver('nb_img1_squid', 0, ''); return true" onblur="nb_imgNormal('nb_img1_squid'); return true"><img name= "nb_img1_squid" src="../../../images/squid-std.en.png" border="0" alt="squid" width="42" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/solaris.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_solaris', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_solaris'); return true" onfocus= "nb_imgOver('nb_img1_solaris', 0, ''); return true" onblur="nb_imgNormal('nb_img1_solaris'); return true"><img name= "nb_img1_solaris" src="../../../images/solaris-std.en.png" border="0" alt="Solaris" width="52" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/ssh1.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_ssh1', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_ssh1'); return true" onfocus= "nb_imgOver('nb_img1_ssh1', 0, ''); return true" onblur="nb_imgNormal('nb_img1_ssh1'); return true"><img name= "nb_img1_ssh1" src="../../../images/ssh1-std.en.png" border="0" alt="ssh 1" width="41" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/ssh2.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_ssh2', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_ssh2'); return true" onfocus= "nb_imgOver('nb_img1_ssh2', 0, ''); return true" onblur="nb_imgNormal('nb_img1_ssh2'); return true"><img name= "nb_img1_ssh2" src="../../../images/ssh2-std.en.png" border="0" alt="ssh 2" width="42" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><img src="../../../images/ssh3-sel.en.png" alt="ssh 3*" width="42" height="26" /><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/tcpip1.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_tcpip1', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_tcpip1'); return true" onfocus= "nb_imgOver('nb_img1_tcpip1', 0, ''); return true" onblur="nb_imgNormal('nb_img1_tcpip1'); return true"><img name= "nb_img1_tcpip1" src="../../../images/tcpip1-std.en.png" border="0" alt="tcp/ip 1" width="67" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="   " width="30" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/vortraege/tcpip2.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_tcpip2', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_tcpip2'); return true" onfocus= "nb_imgOver('nb_img1_tcpip2', 0, ''); return true" onblur="nb_imgNormal('nb_img1_tcpip2'); return true"><img name= "nb_img1_tcpip2" src="../../../images/tcpip2-std.en.png" border="0" alt="tcp/ip 2" width="68" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/books.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_books', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_books'); return true" onfocus= "nb_imgOver('nb_img1_books', 0, ''); return true" onblur="nb_imgNormal('nb_img1_books'); return true"><img name= "nb_img1_books" src="../../../images/books-std.en.png" border="0" alt="Books" width="54" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/j_fotos.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_j_fotos', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_j_fotos'); return true" onfocus= "nb_imgOver('nb_img1_j_fotos', 0, ''); return true" onblur="nb_imgNormal('nb_img1_j_fotos'); return true"><img name= "nb_img1_j_fotos" src="../../../images/j_fotos-std.en.png" border="0" alt="Photos" width="60" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/leisure.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_leisure', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_leisure'); return true" onfocus= "nb_imgOver('nb_img1_leisure', 0, ''); return true" onblur="nb_imgNormal('nb_img1_leisure'); return true"><img name= "nb_img1_leisure" src="../../../images/leisure-std.en.png" border="0" alt="Leisure" width="58" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/j_humor.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_j_humor', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_j_humor'); return true" onfocus= "nb_imgOver('nb_img1_j_humor', 0, ''); return true" onblur="nb_imgNormal('nb_img1_j_humor'); return true"><img name= "nb_img1_j_humor" src="../../../images/j_humor-std.en.png" border="0" alt="Humor" width="60" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/kenntnisse.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_kenntnisse', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_kenntnisse'); return true" onfocus="nb_imgOver('nb_img1_kenntnisse', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_kenntnisse'); return true"><img name="nb_img1_kenntnisse" src= "../../../images/kenntnisse-std.en.png" border="0" alt="Experiences" width="97" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/j_lebenslauf.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_j_lebenslauf', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_j_lebenslauf'); return true" onfocus="nb_imgOver('nb_img1_j_lebenslauf', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_j_lebenslauf'); return true"><img name="nb_img1_j_lebenslauf" src= "../../../images/j_lebenslauf-std.en.png" border="0" alt="Vitae" width="45" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/j_wunschliste.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_j_wunschliste', 0, ''); return true" onmouseout= "nb_imgNormal('nb_img1_j_wunschliste'); return true" onfocus="nb_imgOver('nb_img1_j_wunschliste', 0, ''); return true" onblur="nb_imgNormal('nb_img1_j_wunschliste'); return true"><img name="nb_img1_j_wunschliste" src= "../../../images/j_wunschliste-std.en.png" border="0" alt="Wishlist" width="64" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt="  " width="20" height="1" align="bottom" border= "0" /><a href="../../../homepages/johannes/j_pgp.en.html" target="_top" onmouseover= "nb_imgOver('nb_img1_j_pgp', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_j_pgp'); return true" onfocus= "nb_imgOver('nb_img1_j_pgp', 0, ''); return true" onblur="nb_imgNormal('nb_img1_j_pgp'); return true"><img name= "nb_img1_j_pgp" src="../../../images/j_pgp-std.en.png" border="0" alt="PGP" width="42" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="10" height="1" align="bottom" border="0" /><a href= "../../../homepages/beate.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_beate', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_beate'); return true" onfocus="nb_imgOver('nb_img1_beate', 0, ''); return true" onblur="nb_imgNormal('nb_img1_beate'); return true"><img name="nb_img1_beate" src="../../../images/beate-std.en.png" border="0" alt="Beate" width="51" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="10" height="1" align="bottom" border="0" /><a href= "../../../homepages/sarah.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_sarah', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_sarah'); return true" onfocus="nb_imgOver('nb_img1_sarah', 0, ''); return true" onblur="nb_imgNormal('nb_img1_sarah'); return true"><img name="nb_img1_sarah" src="../../../images/sarah-std.en.png" border="0" alt="Sarah" width="48" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="10" height="1" align="bottom" border="0" /><a href= "../../../homepages/hannah.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_hannah', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_hannah'); return true" onfocus="nb_imgOver('nb_img1_hannah', 0, ''); return true" onblur="nb_imgNormal('nb_img1_hannah'); return true"><img name="nb_img1_hannah" src="../../../images/hannah-std.en.png" border="0" alt="Hannah" width="64" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="10" height="1" align="bottom" border="0" /><a href= "../../../homepages/lena.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_lena', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_lena'); return true" onfocus="nb_imgOver('nb_img1_lena', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_lena'); return true"><img name="nb_img1_lena" src="../../../images/lena-std.en.png" border="0" alt="Lena" width="41" height="26" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="10" height="1" align="bottom" border="0" /><a href= "../../../homepages/kids.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_kids', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_kids'); return true" onfocus="nb_imgOver('nb_img1_kids', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_kids'); return true"><img name="nb_img1_kids" src="../../../images/kids-std.en.png" border="0" alt="Siblings" width="60" height="26" /></a><br /> <a href="../../../gaestebuch.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_gaestebuch', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_gaestebuch'); return true" onfocus= "nb_imgOver('nb_img1_gaestebuch', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_gaestebuch'); return true"><img name="nb_img1_gaestebuch" src= "../../../images/gaestebuch-std.en.png" border="0" alt="Guestbook" width="91" height="26" /></a><br /> <a href="../../../impressum.en.html" target="_top" onmouseover="nb_imgOver('nb_img1_impressum', 0, ''); return true" onmouseout="nb_imgNormal('nb_img1_impressum'); return true" onfocus= "nb_imgOver('nb_img1_impressum', 0, ''); return true" onblur= "nb_imgNormal('nb_img1_impressum'); return true"><img name="nb_img1_impressum" src= "../../../images/impressum-std.en.png" border="0" alt="About" width="54" height="26" /></a></font><br /> <br /> <br /> <form method="get" action="http://www.google.com/custom" target="jfrankeninhalt"><img src= "../../../images/transparentpixel.png" alt=" " width="190" height="2" align="bottom" border="0" /><br /> <img src="../../../images/transparentpixel.png" alt=" " width="8" height="1" align="bottom" border="0" /><img src= "../../../images/google16x16.png" alt="" width="16" height="19" /><img src="../../../images/transparentpixel.png" alt= " " width="8" height="1" align="bottom" border="0" /><input type="image" name="sa" value="Search" src= "../../../images/Suche.en.png" alt="Search:" /><br /> <img src="../../../images/transparentpixel.png" alt=" " width="32" height="1" align="bottom" border="0" /><input type= "text" name="q" size="10" maxlength="255" value="" style= "color:#ddddff;border-color:#ddddff;background:#112277" /><input type="hidden" name="cof" value= "T:000000;LW:540;ALC:112277;L:http://www.jfranken.de/images/toptext_FRANKEN--IT-CONCEPTS.png;LC:112277;LH:53;BGC:ffffff;AH:left;VLC:112277;AWFID:ec81011eb1f53f99;" /><input type="hidden" name="domains" value="www.jfranken.de" /><br /> <input type="hidden" name="sitesearch" value="www.jfranken.de" /></form> <script type="text/javascript" language="JavaScript"> //<![CDATA[ function ro_imgNormal(imgName) { if (document.images) { document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } //]]> </script><br /> <img src="../../../images/transparentpixel.png" alt=" " width="190" height="2" align="bottom" border="0" /><br /> <img src="../../../images/transparentpixel.png" alt=" " width="8" height="1" align="bottom" border="0" /><img src= "../../../images/feed-icon-16x16.png" alt="" width="16" height="19" /><img src="../../../images/transparentpixel.png" alt=" " width="8" height="1" align="bottom" border="0" /><img src="../../../images/NewsFeeds.png" alt="NewsFeeds" width="67" height="19" /><br /> <img src="../../../images/transparentpixel.png" alt=" " width="32" height="1" align="bottom" border="0" /> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script><a href="http://www.jfranken.de/feed-rss2.en.xml" target="_blank" onmouseover= "ro_imgOver('ro_img_unknown4', 'RSS2-Feed'); return true" onmouseout="ro_imgNormal('ro_img_unknown4'); return true" onfocus="ro_imgOver('ro_img_unknown4', 'RSS2-Feed'); return true" onblur= "ro_imgNormal('ro_img_unknown4'); return true"><img name="ro_img_unknown4" src="../../../images/feed-rss2.png" alt= "RSS2-Feed" width="70" height="15" border="0" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="32" height="1" align="bottom" border="0" /> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script><a href="http://www.jfranken.de/feed-atom1.en.xml" target="_blank" onmouseover= "ro_imgOver('ro_img_unknown5', 'ATOM1-Feed'); return true" onmouseout="ro_imgNormal('ro_img_unknown5'); return true" onfocus="ro_imgOver('ro_img_unknown5', 'ATOM1-Feed'); return true" onblur= "ro_imgNormal('ro_img_unknown5'); return true"><img name="ro_img_unknown5" src="../../../images/feed-atom1.png" alt= "ATOM1-Feed" width="70" height="15" border="0" /></a><br /> <img src="../../../images/transparentpixel.png" alt=" " width="32" height="1" align="bottom" border="0" /> <script type="text/javascript" language="JavaScript"> //<![CDATA[  //]]> </script><a href="../../../impressum/feeds.en.html" target="_parent" onmouseover= "ro_imgOver('ro_img_unknown6', 'Subscribe'); return true" onmouseout="ro_imgNormal('ro_img_unknown6'); return true" onfocus="ro_imgOver('ro_img_unknown6', 'Subscribe'); return true" onblur= "ro_imgNormal('ro_img_unknown6'); return true"><img name="ro_img_unknown6" src="../../../images/Subscribe.en.png" alt= "Subscribe" width="65" height="19" border="0" /></a> </body>