Detecting SSH tunnels on a linux firewall
Nicholas Leippe
nick at leippe.com
Wed Jan 10 10:15:19 MST 2007
On Wednesday 10 January 2007 10:11, Dave Long wrote:
> Is it possible to detect SSH tunnels traveling through a Linux
> firewall (iptables). In other words, how do I detect normal ssh
> communication versus http traffic going through SSH?
>
> My initial thoughts were that normal SSH traffic would have a specific
> connection and packet rate while other traffic like HTTP going through
> SSH would have a much different connection rate.
>
> Anyway, I would like to know other ideas.
Why not just disable tcp forwarding in sshd_config?
More information about the PLUG
mailing list