Detecting SSH tunnels on a linux firewall

Kyle Robinson ky.robinson at
Wed Jan 10 10:15:27 MST 2007

On 1/10/07, Dave Long <long.dave at> wrote:
> Is it possible to detect SSH tunnels traveling through a Linux
> firewall (iptables).  In other words, how do I detect normal ssh
> communication versus http traffic going through SSH?
> My initial thoughts were that normal SSH traffic would have a specific
> connection and packet rate while other traffic like HTTP going through
> SSH would have a much different connection rate.
> Anyway, I would like to know other ideas.
> --
> Dave Long
> long.dave at

Force the HTTP traffic into a transparent proxy.

More information about the PLUG mailing list