Re: Detecting a Tunnel Over SSH?
- From: Joseph Spenner <joseph85750@xxxxxxxxx>
- Date: Fri, 17 Jul 2009 09:50:06 -0700 (PDT)
--- On Thu, 7/16/09, Gary Huntress <gary.huntress@xxxxxxxxx> wrote:
What I would like to know is, how is the tunnel detected? I've always assumed that once my ssh session is made that every packet would be completely encrypted, even the headers of the tunneled packets. So even if the tunnel used GRE (or whatever) it would be encrypted too. Clearly that's not the case.

So, how is my tunnel detected? And no I'm not going to keep trying, this is a fireable offense!

Gary H.

The tunnel will be visible with netstat and/or lsof on the ssh server. With netstat, you won't see who is tunneling. But with lsof it would show up:
root@thug:/home/user01# lsof -ni |grep 11111
sshd 21716 user01 10u IPv4 16978115 TCP 10.26.0.111:38272->10.26.0.211:11111 (ESTABLISHED)
root@thug:/home/user01# netstat -an |grep 11111
tcp 0 0 10.26.0.111:38272 10.26.0.211:11111 ESTABLISHED
If it's not permitted, why don't they simply deny it in sshd_config?
#AllowTcpForwarding no
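
The lsof check from the reply above, turned into a filter an administrator can run on the SSH server; this is an added example, not part of the original post. The function names and all sample lines except the forwarded connection from the post are constructed, and the `-P` flag (numeric ports) is an addition to the `lsof -ni` command shown above.

```shell
#!/bin/sh
# Added example: flag TCP connections owned by sshd that are not the SSH
# session itself, which is how a forwarded port shows up in lsof output.

# find_ssh_forwards [SSHD_PORT]   (hypothetical helper name)
# Reads `lsof -nP -i` output on stdin and prints "user pid local remote"
# for each ESTABLISHED sshd socket whose local port is not SSHD_PORT.
find_ssh_forwards() {
    awk -v sshd_port="${1:-22}" '
        $1 == "sshd" && /\(ESTABLISHED\)/ {
            # The NAME column position differs between lsof versions,
            # so locate the field that holds "local->remote".
            for (i = 4; i <= NF; i++) {
                if (index($i, "->") == 0) continue
                split($i, ends, "->")
                n = split(ends[1], lp, ":")   # last piece is the port
                # The real SSH session has sshd_port on the local side;
                # plain `lsof -ni` may print it as the service name "ssh".
                if (lp[n] != sshd_port && lp[n] != "ssh")
                    print $3, $2, ends[1], ends[2]
            }
        }'
}

# Constructed sample input. The 38272->11111 line is the one from the post,
# with the SIZE/OFF column that newer lsof versions print.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 21700 root 3u IPv4 16978001 0t0 TCP *:22 (LISTEN)
sshd 21716 user01 3u IPv4 16978100 0t0 TCP 10.26.0.111:22->10.26.0.50:51514 (ESTABLISHED)
sshd 21716 user01 10u IPv4 16978115 0t0 TCP 10.26.0.111:38272->10.26.0.211:11111 (ESTABLISHED)
httpd 1450 www 4u IPv4 16970000 0t0 TCP 10.26.0.111:80->10.26.0.60:40000 (ESTABLISHED)
EOF
}

# Live use on the SSH server, as root: lsof -nP -i | find_ssh_forwards 22
sample_lsof | find_ssh_forwards 22
```

Each output line names the account whose sshd process holds the extra connection, which is the piece netstat alone does not give.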