Detecting SSH tunnels on a linux firewall
rorith at kydance.net
Wed Jan 10 10:51:28 MST 2007
On Wed, January 10, 2007 10:47 am, Dave Long wrote:
> This situation where the user is ssh'ing to an outside box (from
> inside the network) to a box presumably with squid is what I am trying
> to determine. I do not want to be an evil admin and block all ssh
Barring statistical analysis of their traffic patterns, I don't believe
there is any way to stop it. Maybe an expert in SSH and routers can chime
in, but I don't think there's a 'nice' way.
One possibility, if they must have external SSH access, is to allow them to
SSH to a DMZ server, and from there, SSH outside the network. This would
block direct tunnels, and you could configure the SSH daemon and clients
on the DMZ to not allow tunneling.
Kydance Hosting & Consulting
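
An added example, not part of the original message: a small Python audit of a DMZ host's sshd_config that reports which forwarding directives still leave tunneling enabled. The directive names and defaults are OpenSSH's; the sample config and the `audit` function are constructed for illustration.

```python
# Added example: flag sshd_config directives that leave tunneling enabled.
# Defaults are OpenSSH's documented defaults for each keyword (lowercased).
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "allowstreamlocalforwarding": "yes",
    "permittunnel": "no",
    "gatewayports": "no",
    "x11forwarding": "no",
}

# Constructed sample config for a DMZ jump host.
SAMPLE = """\
# constructed sshd_config for a DMZ jump host
Port 22
AllowTcpForwarding no
AllowTcpForwarding yes   # ignored: sshd keeps the first value it reads
X11Forwarding no
Match User admin
    PermitTunnel yes
"""

def audit(config_text):
    """Return (scope, directive, value) for every setting other than 'no'."""
    scopes = {"global": {}}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        rest = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            # Directives after a Match line apply only to that scope.
            scope = "Match " + rest
            scopes.setdefault(scope, {})
        elif key in DEFAULTS:
            scopes[scope].setdefault(key, rest.lower())  # first occurrence wins
    # Global scope: explicit values layered over the defaults.
    effective = {**DEFAULTS, **scopes["global"]}
    findings = [("global", k, v) for k, v in effective.items() if v != "no"]
    # Match scopes: only explicit overrides that re-enable something.
    for name, values in scopes.items():
        if name != "global":
            findings += [(name, k, v) for k, v in values.items() if v != "no"]
    return findings

if __name__ == "__main__":
    for scope, directive, value in audit(SAMPLE):
        print(f"{scope}: {directive} = {value}")
```

The sshd_config manual notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can install their own forwarders, so a clean audit on the DMZ host should be paired with restricting what users can run there.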