Idea of jttt - "Java TCP Tunneling Tool"
Unix name: jttt
Date:
Developers (user names in sourceforge.net)
jeffkorn
jiechau
Outline:
1. The Design
2. Features of “Java TCP Tunneling Tool”
3. Project Schedule
4. The Upcoming Challenge
1. The Design
“Java TCP Tunneling Tool” is meant to provide a network mechanism that extends the use of most TCP services across firewalls and enables secure data transfer for these services. This way both Client and Server can reside inside firewalls. The only thing you need is an Intermediate Machine (running an SSH daemon) located on the public Internet (or, at least, one that your Client and Server can both reach via an SSH connection). Run the “Java TCP Tunneling Tool” on the Client, the Server, and the Intermediate Machine, and you can easily build the tunnels. I believe this mechanism is very useful in today’s network environment, because the features of today’s network environment are the wide use of VPNs (home or office usage) and the fact that most networks (LANs) allow inside-out SSH connections (typically port 22).
The “Java TCP Tunneling Tool” is written in Java. It is currently implemented as a Java application, but the Client and Server parts will later be extended to run as a Java applet. The tool extends the Java SSH API [*] to build the SSH connection between each End System (TCP service Server or Client) and the Intermediate Machine, and then builds the tunnels using SSH Port Forwarding.
Above is an example of how jttt works. The Server (Machine 2) runs a TCP service on port 80 (say, a web server). Instead of a direct connection from Client to Server, we use jttt to patch this connection through. The jttt program on the Client (Machine 1) builds an SSH connection to the Intermediate Machine and forwards the data coming into its local port 5900 to port 9001 on the Intermediate Machine. The jttt program on the Server also builds an SSH connection to the Intermediate Machine and forwards the data coming into port 9001 on the Intermediate Machine to its own local port 80. The user application on the Client now only needs to connect to its local port 5900, and it ends up connected to port 80 on the Server.
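The port chain in the example above, as an added sketch that is not jttt or SSHTools code: it models only the forwarding topology with plain TCP sockets on loopback (no SSH, no encryption), and shows that both end systems dial out to the Intermediate Machine. Ephemeral ports stand in for 5900, 9001 and 80, and all function names are hypothetical.

```python
import socket
import threading

def spawn(fn, *args):
    threading.Thread(target=fn, args=args, daemon=True).start()

def listen():
    s = socket.create_server(("127.0.0.1", 0))  # loopback only, ephemeral port
    return s, s.getsockname()[1]

def dial(port, timeout=None):
    return socket.create_connection(("127.0.0.1", port), timeout)

def copy(src, dst):
    """Relay src -> dst; an EOF on src becomes a half-close on dst."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def splice(a, b):
    spawn(copy, a, b)
    spawn(copy, b, a)

def service(lsock):
    """Machine 2's TCP service (port 80 on the page): one request, one reply."""
    conn, _ = lsock.accept()
    conn.recv(4096)
    conn.sendall(b"hello from Machine 2")
    conn.close()

def intermediate(link, rendezvous):
    """Intermediate Machine: join traffic on '9001' to the Server's outbound link."""
    splice(rendezvous.accept()[0], link.accept()[0])

def client_side(local, rdv_port):
    """Client-side forwarder: accept on local '5900', dial out to '9001'."""
    splice(local.accept()[0], dial(rdv_port))

def demo():
    (svc, svc_p), (link, link_p), (rdv, rdv_p), (local, local_p) = (listen() for _ in range(4))
    spawn(service, svc)
    spawn(intermediate, link, rdv)
    spawn(client_side, local, rdv_p)
    # Server-side forwarder: dial OUT to the Intermediate Machine, then to local '80'.
    splice(dial(link_p), dial(svc_p))
    app = dial(local_p, 5)  # the user application only ever sees its local port
    app.sendall(b"GET / HTTP/1.0\r\n\r\n")
    return b"".join(iter(lambda: app.recv(4096), b""))
```

Calling demo() returns the reply from the service on Machine 2, although the application connected only to a local port and neither end system accepted a connection from outside.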
2. Features of “Java TCP Tunneling Tool”
(1). Provide secure data transfer: The data transmitted by those TCP services would no longer be a plain-text stream exposed on the wide Internet.
(2). Firewall penetration: By using an Intermediate Machine, both Client and Server can build connections that are patched through the Intermediate Machine.
(3). Connection Management and Monitoring: On the Intermediate Machine you can monitor the current connections.
3. Project Schedule
This project has two stages:
(1). Implement "Java TCP Tunneling Tool" as a Java application: In this stage, I will first try to build the “Java TCP Tunneling Tool” as a Java application run from a command window. You need to install and run “Java TCP Tunneling Tool” on the Client, the Server, and the Intermediate Machine.
(2). Implement “Java TCP Tunneling Tool” as a Java Applet: In this stage, I will try to implement “Java TCP Tunneling Tool” as a Java Applet. This way we only need to run a web site on the Intermediate Machine (which handles incoming connections and manages the port forwarding for Client-Server pairs). The Client and Server only need to open a web browser, connect to the web site on the Intermediate Machine, and run the Applet. This would be easier and more user friendly for the Client and Server. Another advantage is that the application only needs to be installed on the Intermediate Machine, which is easier to administer.
4. The Upcoming Challenge
When this project reaches stage 2, it will be a big challenge to use an Applet to launch the SSH connection and tunnel. There will be some security issues to address, such as how to achieve Port Forwarding from an Applet program.
[*] "SSHTools - Java SSH Solutions" (UNIX name: sshtools) is a SourceForge.net project administered and developed by martianx and rpernavas. (http://sourceforge.net/projects/sshtools/)
"jttt - Java TCP Tunneling Tool" is an independent research project administered and developed by jeffkorn and jiechau. (http://sourceforge.net/projects/jttt/)