Detecting SSH tunnels on a linux firewall
Dave Long
long.dave at gmail.com
Wed Jan 10 10:11:19 MST 2007
Is it possible to detect SSH tunnels traveling through a Linux
firewall (iptables). In other words, how do I detect normal ssh
communication versus http traffic going through SSH?
My initial thoughts were that normal SSH traffic would have a specific
connection and packet rate while other traffic like HTTP going through
SSH would have a much different connection rate.
Anyway, I would like to know other ideas.
--
Dave Long
long.dave at gmail.com
More information about the PLUG
mailing list