Re: SSH tunneling/port forwarding and stateful packet inspection

From: Richard E. Silverman (res_at_qoxp.net)
Date: 02/25/04


Date: 24 Feb 2004 22:02:59 -0800


> ... However, in doing a packet trace, I saw that the header of the
> packet really is ssl traffic, but the actual port 3389 (term server)
> traffic a) encrypted and b) encapsulated. So as far as the SPI
> functionality of the firewall is concerned, it is SSL traffic.

Your terminology is confused and you want "SSH" here, not "SSL" (these are
two entirely different protocols) -- but I suppose you've got the idea.
All the firewall can see is a TCP connection whose contents are entirely
opaque because they are encrypted. The fact that the connection is being
used to forward traffic between two other TCP connections elsewhere is
invisible to the firewall.

-- 
  Richard Silverman
  res@qoxp.net
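An added illustration, not part of the original thread, of what a stateful packet inspection device actually has to work with. The SSH identification string (RFC 4253, `SSH-2.0-...`) and the first bytes of a TLS record are cleartext, so a firewall can tell SSH from SSL/TLS and can see the outer connection's endpoints; everything after the SSH handshake is ciphertext, so an inner forwarded RDP connection leaves no inspectable trace. The byte streams, the `fake_ciphertext` stand-in and the function names are constructed for this example.

```python
import hashlib

# Cleartext markers a firewall can match on (RFC 4253 banner; TLS handshake record).
SSH_BANNER_PREFIX = b"SSH-2.0-"
TLS_HANDSHAKE_TYPE = 0x16
# Cleartext string in an RDP X.224 connection request; constructed example marker.
RDP_COOKIE_MARKER = b"Cookie: mstshash="


def classify_stream(first_bytes: bytes) -> str:
    """Identify the outer protocol from the first bytes of a TCP stream."""
    if first_bytes.startswith(SSH_BANNER_PREFIX):
        return "ssh"
    if (len(first_bytes) >= 2
            and first_bytes[0] == TLS_HANDSHAKE_TYPE
            and first_bytes[1] == 0x03):
        return "tls"
    return "unknown"


def fake_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for SSH binary-packet ciphertext.

    This is NOT real encryption; it only produces opaque-looking bytes so the
    example runs offline and reproducibly.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed sample 1: RDP to port 3389 sent in the clear. The TPKT/X.224
# header and the mstshash cookie are visible to anyone on the path.
PLAIN_RDP_STREAM = (
    b"\x03\x00\x00\x2b\x26\xe0\x00\x00\x00\x00\x00"
    + RDP_COOKIE_MARKER + b"alice\r\n"
    + b"\x01\x00\x08\x00\x03\x00\x00\x00"
)

# Constructed sample 2: the same session carried inside an SSH tunnel.
# Only the banner is cleartext; the forwarded RDP bytes are inside the ciphertext.
TUNNELED_STREAM = b"SSH-2.0-OpenSSH_9.6\r\n" + fake_ciphertext(b"constructed", 256)


def firewall_view(stream: bytes) -> dict:
    """What a content-inspecting firewall can conclude from a stream."""
    return {
        "protocol": classify_stream(stream[:16]),
        "inner_rdp_visible": RDP_COOKIE_MARKER in stream,
    }


if __name__ == "__main__":
    for name, stream in (("plain RDP", PLAIN_RDP_STREAM), ("SSH tunnel", TUNNELED_STREAM)):
        print(name, firewall_view(stream))
```

The defender's takeaway is the one the reply makes: the device can classify the outer connection as SSH (banner, port, endpoints) and police that, but it cannot see that port-forwarding is happening inside it. Controls on forwarded traffic therefore belong on the SSH server (`AllowTcpForwarding`, `PermitOpen` in sshd_config) or in flow-level analytics, not in payload inspection.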
