IT notes

Bypass AllowTcpForwarding

To bypass "AllowTcpForwarding no", try using socat and nc:

    socat TCP-LISTEN:<local port>,reuseaddr,fork "EXEC:ssh <server> nc localhost <remote port>"

For example, from your desktop run:

    socat TCP-LISTEN:8080,reuseaddr,fork "EXEC:ssh 1.2.3.4 nc 10.0.0.1 3000"

This will listen on local port 8080, connect via ssh to 1.2.3.4, and use nc to connect to 10.0.0.1:3000.

netcat

As a replacement for telnet, now that it has been removed from macOS, netcat can be used. To test the response from a web server:

    echo -en "GET / HTTP/1.0\n\n\n" | nc google.com 80

If using HTTP/1.1, the Host header is required:

    echo -en "GET / HTTP/1.1\nHost: google.com\n\n" | nc google.com 80

Test to see if a port accepts connections:

    $ nc -vz google.com 80
    found 0 associations
    found 1 connections:
         1: flags=82<CONNECTED,PREFERRED>
            outif en1
            src 192.

Port knocking

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). For example, using PF on FreeBSD to only open port 22 after X number of attempts to connect on port 1234:
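
Added example, not from the original notes and not PF configuration: a Python model of the firewall-side logic described above, tracking each source's progress through the knock sequence and opening port 22 for that source only after the whole sequence arrives in order within a time window. The default sequence, the timing values, the KnockTracker and replay names and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass, field

PROTECTED_PORT = 22   # the port the page's example protects
WINDOW = 10.0         # assumed: seconds allowed to complete the sequence
OPEN_FOR = 30.0       # assumed: seconds the port stays open for that source

@dataclass
class KnockTracker:
    sequence: tuple = (7000, 8000, 9000)           # assumed knock sequence
    progress: dict = field(default_factory=dict)   # src -> (next index, start time)
    allowed: dict = field(default_factory=dict)    # src -> time the opening expires

    def observe(self, ts, src, dport):
        """Process one connection attempt; return True if it would be let through."""
        if dport == PROTECTED_PORT:
            return self.allowed.get(src, 0.0) > ts
        idx, started = self.progress.get(src, (0, ts))
        if idx and ts - started > WINDOW:
            idx, started = 0, ts                   # too slow: start over
        if dport == self.sequence[idx]:
            idx += 1                               # correct next knock
        elif dport == self.sequence[0]:
            idx, started = 1, ts                   # treat as a fresh first knock
        else:
            idx = 0                                # any wrong port resets progress
        if idx == len(self.sequence):
            self.allowed[src] = ts + OPEN_FOR      # sequence complete: open for src
            idx = 0
        if idx:
            self.progress[src] = (idx, started)
        else:
            self.progress.pop(src, None)
        return False                               # knock ports always stay closed

# Constructed sample events: (timestamp, source IP, destination port)
SAMPLE = [
    (0.0, "198.51.100.7", 22),                     # no knock yet: refused
    (1.0, "198.51.100.7", 7000), (2.0, "198.51.100.7", 8000),
    (3.0, "198.51.100.7", 9000), (4.0, "198.51.100.7", 22),   # allowed
    (4.5, "203.0.113.9", 22),                      # different source: refused
    (5.0, "203.0.113.9", 7000), (6.0, "203.0.113.9", 7001),   # wrong port resets
    (7.0, "203.0.113.9", 8000), (8.0, "203.0.113.9", 9000),
    (9.0, "203.0.113.9", 22),                      # refused
    (40.0, "198.51.100.7", 22),                    # opening expired: refused
]

def replay(events):
    """Run events through a fresh tracker; return (src, dport, allowed) tuples."""
    tracker = KnockTracker()
    return [(src, dport, tracker.observe(ts, src, dport)) for ts, src, dport in events]
```

The knocks are plain, unauthenticated connection attempts, so anyone able to observe the traffic can replay them; the service behind the port still needs its own authentication.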