Detecting SSH tunnels on a linux firewall
gabe at gundy.org
Wed Jan 10 11:25:15 MST 2007
On Wed, 2007-01-10 at 10:47 -0700, Dave Long wrote:
> This situation where the user is ssh'ing to an outside box (from
> inside the network) to a box presumably with squid is what I am trying
> to determine. I do not want to be an evil admin and block all ssh
Sounds like the bigger problem is a trust issue. There are many ways
*technically* to approach the situation (some clearly better then
others), but maybe management should be made aware of her behavior and
they can handle it based on an established code of conduct. You can
then do what you (presumably) love - work on technical issues. I know
when I adopted this approach, it made my job much more pleasant.
Besides, who wants to work with people they can't trust? :)
Barring that, I'd go with Matthew Walker's DMZ/iptables/sshd approach.
More information about the PLUG