Hi all,
I'm interested in stopping SSH connections from traveling through port 80. I'm not interested in doing this because I want to prevent my users from enjoying SSH connections. I have no users. Rather, I'm imagining a scenario where a rootkitted host is attempting to covertly connect to the outside world.
Of course SSH or even other traffic could be tunneled through various protocols. This is a huge problem and SSH though port 80 is one small portion of it. If anyone has ideas of how to stop the aforementioned, please share them here. Many tools and guides exist on tunneling SSH through port 80, even through HTTP proxies.
Apparently SSL connections can be decrypted and inspected by the proxy combination Squid+SslBump. I'm not familiar with Squid - yet. It would be cool if somehow decrypted traffic could be identified as either legitimate HTTPS traffic or malicious.
Link to Squid+SslBump Page Here:
http://wiki.squid-cache.org/Features/SslBump
Also, this is a mirror of the topic on Daemonforums / OpenBSD Security:
http://www.daemonforums.org/showthread.php?t=8003
I'm interested in stopping SSH connections from traveling through port 80. I'm not interested in doing this because I want to prevent my users from enjoying SSH connections. I have no users. Rather, I'm imagining a scenario where a rootkitted host is attempting to covertly connect to the outside world.
Of course SSH or even other traffic could be tunneled through various protocols. This is a huge problem and SSH though port 80 is one small portion of it. If anyone has ideas of how to stop the aforementioned, please share them here. Many tools and guides exist on tunneling SSH through port 80, even through HTTP proxies.
Apparently SSL connections can be decrypted and inspected by the proxy combination Squid+SslBump. I'm not familiar with Squid - yet. It would be cool if somehow decrypted traffic could be identified as either legitimate HTTPS traffic or malicious.
Link to Squid+SslBump Page Here:
http://wiki.squid-cache.org/Features/SslBump
Also, this is a mirror of the topic on Daemonforums / OpenBSD Security:
http://www.daemonforums.org/showthread.php?t=8003