What are the major vulnerabilities of allowing/utilizing SOCKS5 backconnect connections?
I am familiar with SOCKS5 SSH tunnels (e.g., ssh -N -D 8080 user@host -p 22). I am trying to consider what additional vulnerabilities we are opening our network to if we use backconnect connections rather than traditional outbound SSH tunnels.
It seems that a backconnect connection type is similar to the way we used to set up remote access tunnels (i.e., PCAnywhere). Is that the right way to think about how backconnect connections work? Is this generalization (backconnect = RAT) reasonable?
Network namespaces are useful for creating virtual/real network isolation. Are there any clever ways to use two IP range networks to somehow allow a local client to SSH to a locally segregated backconnect connection network?