block ssh tunnels - Networking
-
block ssh tunnels
Hello
I've some proxy that is configured to accept only 80 and 443 destination
ports. But either that user can find shell account on 80 or 443 port and
tunnel through this proxy to all internet. Is it possible to prevent that
kind of actions that user can work only with http[s] sites without
tunnels?
--
\!/ Kadu: #2940543
( @ @ ) mailto:dimmur-(at)-z-pl
oOO-(_)-OOo Registered Linux user: #277278
D.I.M.M.U.R.: Digital Intelligent Machine Manufactured for Ultimate Repair
-
Re: block ssh tunnels
On Aug 24, 5:54 am, DimmuR wrote:
> I've some proxy that is configured to accept only 80 and 443 destination
> ports. But either that user can find shell account on 80 or 443 port and
> tunnel through this proxy to all internet. Is it possible to prevent that
> kind of actions that user can work only with http[s] sites without
> tunnels?
This is a human problem, not a technical problem. Review the logs and
appropriately punish those who break the rules.
DS
-
Re: block ssh tunnels
DimmuR wrote:
> Hello
>
> I've some proxy that is configured to accept only 80 and 443 destination
> ports. But either that user can find shell account on 80 or 443 port and
> tunnel through this proxy to all internet. Is it possible to prevent that
> kind of actions that user can work only with http[s] sites without
> tunnels?
SSH tunneling can be blocked, but there are tunneling
methods using HTTP as the low-level transport. Have a
look at e.g. corkscrew (you can Google for it).
As soon as you open *any* connection to the Internet,
you also open a way to transport clandestine tunneling.
Would you please care to tell why?
--
Tauno Voipio
tauno voipio (at) iki fi
-
Re: block ssh tunnels
On Sun, 24 Aug 2008 12:54:05 +0000 (UTC), DimmuR wrote:
>Hello
>I've some proxy that is configured to accept only 80 and 443 destination
>ports. But either that user can find shell account on 80 or 443 port and
>tunnel through this proxy to all internet. Is it possible to prevent that
>kind of actions that user can work only with http[s] sites without
>tunnels?
RTFM, specifically sshd.conf
-
Re: block ssh tunnels
On Sun, 24 Aug 2008 12:54:05 +0000, DimmuR wrote:
> I've some proxy that is configured to accept only 80 and 443 destination
> ports. But either that user can find shell account on 80 or 443 port and
> tunnel through this proxy to all internet. Is it possible to prevent
> that kind of actions that user can work only with http[s] sites without
> tunnels?
Deny all sites and only allow those sites you trust.
Wkr,
Sven Vermeulen
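-
Added example, not part of any post in this thread: a log review pass that combines two of the suggestions above (review the proxy logs, and allow only trusted sites) by flagging CONNECT tunnels whose destination is off an allowlist or whose lifetime is far longer than normal HTTPS browsing. It assumes Squid's native access.log field order (the thread does not name the proxy); the allowlist, threshold and log lines are constructed for illustration.

```python
# Added example: flag proxy CONNECT tunnels that do not look like HTTPS browsing.
# Assumptions: Squid native access.log layout
#   time elapsed_ms client action/code bytes method target ident peer type
ALLOWED_DOMAINS = {"example.com", "example.org"}  # hypothetical trusted sites
MAX_TUNNEL_SECONDS = 1800                         # illustrative threshold

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
1219582445.101    842 10.0.0.21 TCP_MISS/200 15320 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1219582501.455 7265310 10.0.0.37 TCP_MISS/200 48211934 CONNECT shell.example.net:443 - DIRECT/198.51.100.7 -
1219582600.009    120 10.0.0.21 TCP_MISS/200 2210 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1219582700.730 3600123 10.0.0.44 TCP_MISS/200 912345 CONNECT mail.example.com:443 - DIRECT/192.0.2.11 -
1219582800.000     15 10.0.0.37 TCP_DENIED/403 1400 CONNECT shell.example.net:22 - NONE/- text/html
"""

def is_allowed(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def review(log_text):
    """Return (client, target, reasons) for each suspicious CONNECT tunnel."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue                      # only tunnels are of interest here
        if fields[3].startswith("TCP_DENIED"):
            continue                      # the proxy already refused this one
        elapsed_s = int(fields[1]) / 1000.0   # Squid logs elapsed time in ms
        host, _, _port = fields[6].rpartition(":")
        reasons = []
        if not is_allowed(host):
            reasons.append("destination not on allowlist")
        if elapsed_s > MAX_TUNNEL_SECONDS:
            reasons.append("long-lived tunnel")
        if reasons:
            findings.append((fields[2], fields[6], reasons))
    return findings

if __name__ == "__main__":
    for client, target, reasons in review(SAMPLE_LOG):
        print(f"{client} -> {target}: {', '.join(reasons)}")
```

A long-lived tunnel to an allowlisted host is only a lead for a human to follow up, since the proxy cannot see inside the encrypted stream.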