g.raphaelli's weblog

Circumventing security policy with gearman

written by g, on Jan 12, 2009 8:42:00 PM.

Gearman can be handy for defeating security in situations like the one pictured:

Here, Host A can initiate connections to Host B but Host B is blocked by a firewall/router ACL/etc from initiating communications with Host A.

With gearman, you can call a service on Host A from Host B with a setup like this:

  1. Run a gearmand job server on host B (or any host that A and B can both reach).
  2. Register a gearman worker running on Host A with that job server.
  3. Submit work from a client running on Host B to that job server.

This idea can be taken another step by chaining workers together such that calling abc() as depicted above creates a job that Host C, which can't reach or be reached by Host B at all, can ultimately execute. That kind of setup makes it increasingly difficult to track an individual task's real status but it can be handy in a pinch.

Categories: Technical | Tagged as: ACL, firewall, gearman, job server, security

streetsblog.net

Latest Posts

Archive

Tags

ACL api blackkeys drdog firewall flickr ganglia gearman gmond gomez http im intro job server json libyahoo2 messenger metrics monitoring music mysql packaging personal python queue rocknroll rpm rrd security upload yaml zine

Elsewhere

flickr linkedin dopplr googlereader

Feeds

all posts all posts
technical posts technical
personal posts personal

Powered by Zine.