#1
Hello

I have a proxy that is configured to accept only 80 and 443 destination
ports. But a user can still find a shell account on port 80 or 443 and
tunnel through this proxy to the whole Internet. Is it possible to prevent
that kind of action, so that users can work only with http[s] sites without
tunnels?

--
   \!/       Kadu: #2940543
 ( @ @ )     mailto:dimmur-(at)-z-pl
oOO-(_)-OOo  Registered Linux user: #277278
D.I.M.M.U.R.: Digital Intelligent Machine Manufactured for Ultimate Repair

#2
On Aug 24, 5:54 am, DimmuR wrote:
> I have a proxy that is configured to accept only 80 and 443 destination
> ports. But a user can still find a shell account on port 80 or 443 and
> tunnel through this proxy to the whole Internet. Is it possible to prevent
> that kind of action, so that users can work only with http[s] sites without
> tunnels?

This is a human problem, not a technical problem. Review the logs and
appropriately punish those who break the rules.

DS

#3
DimmuR wrote:
> Hello
>
> I have a proxy that is configured to accept only 80 and 443 destination
> ports. But a user can still find a shell account on port 80 or 443 and
> tunnel through this proxy to the whole Internet. Is it possible to prevent
> that kind of action, so that users can work only with http[s] sites without
> tunnels?

SSH tunneling can be blocked, but there are tunneling methods using HTTP
as the low-level transport. Have a look at e.g. corkscrew (you can Google
for it).

As soon as you open *any* connection to the Internet, you also open a way
to transport clandestine tunneling.

Would you please care to tell why?

--
Tauno Voipio
tauno voipio (at) iki fi

#4
On Sun, 24 Aug 2008 12:54:05 +0000 (UTC), DimmuR wrote:
>Hello
>I have a proxy that is configured to accept only 80 and 443 destination
>ports. But a user can still find a shell account on port 80 or 443 and
>tunnel through this proxy to the whole Internet. Is it possible to prevent
>that kind of action, so that users can work only with http[s] sites without
>tunnels?

RTFM, specifically sshd.conf

#5
On Sun, 24 Aug 2008 12:54:05 +0000, DimmuR wrote:
> I have a proxy that is configured to accept only 80 and 443 destination
> ports. But a user can still find a shell account on port 80 or 443 and
> tunnel through this proxy to the whole Internet. Is it possible to prevent
> that kind of action, so that users can work only with http[s] sites without
> tunnels?

Deny all sites and only allow those sites you trust.

Wkr,
Sven Vermeulen
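
The log review suggested in reply #2 and the allowlist suggested in reply #5 can be combined into one pass over the proxy's CONNECT entries. The Python below is an added example, not code from any poster in this thread; it assumes Squid's native access.log field order, and the allowlist, the duration threshold and the log lines are constructed for illustration.

```python
# Assumed policy values for this example (not taken from the thread).
ALLOWED_HOSTS = {"www.example.org", "mail.example.org"}
MAX_TUNNEL_SECONDS = 1800  # CONNECT sessions longer than this get reviewed

# Constructed sample lines in Squid native format:
# time elapsed_ms client result/status bytes method url ident peer type
SAMPLE_LOG = """\
1219582445.120 2150 10.0.0.21 TCP_MISS/200 48213 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1219582450.337 8420 10.0.0.21 TCP_MISS/200 91822 CONNECT mail.example.org:443 - DIRECT/192.0.2.25 -
1219582461.902 7264310 10.0.0.37 TCP_MISS/200 5821034 CONNECT shell.example.net:443 - DIRECT/198.51.100.7 -
1219582470.015 12 10.0.0.37 TCP_DENIED/403 1502 CONNECT shell.example.net:22 - NONE/- text/html
1219582490.500 3600000 10.0.0.44 TCP_MISS/200 120000 CONNECT mail.example.org:443 - DIRECT/192.0.2.25 -
"""


def review_connects(lines):
    """Return (client, host, port, reasons) for each CONNECT worth a look."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # only CONNECT creates an opaque tunnel through the proxy
        host, _, port = fields[6].rpartition(":")
        if not port.isdigit():
            continue  # malformed target, nothing reliable to report
        elapsed_s = int(fields[1]) / 1000
        reasons = []
        if fields[3].startswith("TCP_DENIED"):
            # The port ACL worked, but the attempt shows who is probing it.
            reasons.append("denied by proxy ACL")
        else:
            if host.lower() not in ALLOWED_HOSTS:
                reasons.append("destination not on allowlist")
            if elapsed_s > MAX_TUNNEL_SECONDS:
                reasons.append("long-lived session")
        if reasons:
            findings.append((fields[2], host, int(port), reasons))
    return findings


if __name__ == "__main__":
    for client, host, port, reasons in review_connects(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {host}:{port}: {', '.join(reasons)}")
```

A long-lived session to an allowlisted host is only a prompt for review, since legitimate HTTPS applications can also hold connections open.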