Date: Sun, 08 Sep 2002 09:44:20 +0200 From: Michael Bretterklieber <mbretter@inode.at> To: freebsd-net@freebsd.org Subject: protocol inspection (tunneling ssh over http proxy) Message-ID: <3D7AFFD4.6020500@inode.at>
next in thread | raw e-mail | index | archive | help
Hi, Is there any project or are there any plans to extend ipfw with a protocol inspection module? I know that this can be very bad for the performance of a firewall, but If you have only a bandwidth of 1MBit this shouldn't be a problem. We have problems in our company, that some users, wich have not directly access to the internet, let ssh tunnel over our http-proxy. Extending ssh for tunneling is very easy (see Putty or corkscrew) and its also not a problem for them to let on another machine sshd run on port 443 or 80. At the moment I have no idea how to prevent the users from tunneling ssh over http. bye, -- -- -------------------------------------- E-mail: Michael.Bretterklieber@jawa.at ---------------------------- JAWA Management Software GmbH Liebenauer Hauptstr. 200 A-8041 GRAZ Tel: ++43-(0)316-403274-12 Fax: ++43-(0)316-403274-10 GSM: ++43-(0)676-93 96 698 homepage: http://www.jawa.at --------- privat ----------- E-mail: mbretter@inode.at homepage: http://www.inode.at/mbretter -------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D7AFFD4.6020500>