hosted services

    Having to work behind a corporate firewall can be tedious. The environment where I work has three different corporate networks. Two networks are behind one AS number whilst the third is isolated. They all suffer problems from time to time, such is the life of IP networks, yet I still need to connect to hosts on the internet. With most normal corporate firewalls the end user is able to connect via CONNECT or through a SOCKS gateway, but with NT proxy servers things are a little different: you need to authenticate in the special NTLM (NT LAN Manager) way, something PuTTY cannot do.

    This is what really annoys me: in order to use standard tools in Windows, you have to jump through hoops. It's not security, it's obscurity.

    The workaround I found was to use cntlm, which proxies requests for you. It does the authentication and runs a STANDARD service port. The sad thing is that in order to make the proxy usable again it leaves a port open on the host where it runs for your applications to connect through. You can put basic auth on if you wish; it's just a shame that the workaround leaves something open.

    This minor problem pales in comparison to the major features that are available to you.

    The first thing to do is download and unzip the cntlm package. Once you've done this you'll need to get a text editor (notepad perhaps) and begin editing the configuration. Pay attention to the part that tells you how to create the password hash; you may need to enter the username as Domain\User.

    The majority of what you'll need to do is tell cntlm who you're going to authenticate as, then tell it what services you want to allow through the daemon.

    [image: pictures/cntlm.jpg]

    So as you can see from the above image, we're running a standard proxy on port 3128 and a SOCKS proxy on 8010. This means we can point an HTTP client at localhost:3128 and something that is SOCKS aware (not many things are on Windows and SOCKS wrappers are sparse) such as PuTTY at the localhost proxy.

    Configuring PuTTY is another matter. In short, simply tell PuTTY to use localhost on port 8010 (if that's what you configured it to use). Once you run the connection you should see proxy communication going on through the foreground cntlm process.
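
    The open-port concern mentioned earlier can be checked against the configuration file itself. The following is an added example, not part of the original page or the cntlm project: both sample configurations are constructed, and the rules assume the behaviour described in the cntlm manual (a listener given without an address binds to loopback unless Gateway is yes, and SOCKS5Proxy accepts anyone unless SOCKS5User is set).

```python
# Added example: flag cntlm.conf settings that expose the local proxy (constructed samples).
RISKY_CONF = """\
Username     jdoe
Domain       EXAMPLE
Password     CorrectHorse1
Proxy        proxy.example.internal:8080
Gateway      yes
Listen       3128
SOCKS5Proxy  8010
"""
# Same setup with loopback-only listeners, SOCKS auth and a hash placeholder.
HARDENED_CONF = """\
Username     jdoe
Domain       EXAMPLE
PassNTLMv2   <HASH-FROM-cntlm-H>
Proxy        proxy.example.internal:8080
Gateway      no
Listen       127.0.0.1:3128
SOCKS5Proxy  127.0.0.1:8010
SOCKS5User   localuser:<SECRET>
"""
LOOPBACK = {"127.0.0.1", "localhost"}

def parse(text):  # yields (lowercased key, value), skipping blanks and # comments
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def audit(text):
    """Return a list of findings for one cntlm.conf body."""
    pairs = list(parse(text))
    gateway = ("gateway", "yes") in [(k, v.lower()) for k, v in pairs]
    socks_auth = any(k == "socks5user" for k, _ in pairs)
    findings = []
    for key, value in pairs:
        if key in ("listen", "socks5proxy"):
            addr = value.rpartition(":")[0]  # "" when only a port is given
            if addr and addr not in LOOPBACK:
                findings.append(f"{key} {value}: bound to a non-loopback address")
            elif not addr and gateway:
                findings.append(f"{key} {value}: Gateway yes opens it to the network")
            if key == "socks5proxy" and not socks_auth:
                findings.append(f"{key} {value}: SOCKS5 has no SOCKS5User")
        elif key == "password":
            findings.append("password: plaintext; store the cntlm -H hashes instead")
    return findings

if __name__ == "__main__":
    print({n: audit(c) for n, c in (("risky", RISKY_CONF), ("hardened", HARDENED_CONF))})
```

    The hardened sample keeps the article's ports 3128 and 8010, so the PuTTY and HTTP client settings described above stay the same.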