Re: Squid log details - HTTPS tunnel detection


On Wed 2007-05-23 at 17:46 +0100, Markus Moeller wrote:
> Is it possible to log the bytes in and out of a connection made with the
> CONNECT method? I am looking at identifying users misusing the SSL
> connection as a "remote access" solution and was wondering if byte in/byte 
> out ratios could be used to identify the misuse without decrypting the 
> session.

Squid only keeps a single total counter for CONNECT requests. To get
them split you need to extend the code to keep two counters.

> Are there other known ways besides IP-address/hostname blacklisting to 
> identify HTTPS tunnels ?

Most aren't actually using SSL, so an IDS system looking for odd traffic
in CONNECT requests will trap many of them (but not all).
 
Regards
Henrik
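
An added example, not part of the original message and not Squid code: a check an IDS-style sensor could apply to the first client bytes seen inside a CONNECT tunnel, to tell whether they begin an SSL/TLS handshake. The function names, hostnames and sample byte strings are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client-to-server bytes after a successful CONNECT.

    Returns "tls", "sslv2", "short" (need more bytes) or "not-tls".
    """
    if len(data) < 6:
        return "short"
    # SSLv3/TLS record header: type(1) major(1) minor(1) length(2),
    # followed by the handshake message type.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= 16384 and data[5] == CLIENT_HELLO):
        return "tls"
    # SSLv2-format ClientHello: 2-byte header with the high bit set,
    # message type 1, then version 0x0002 (SSLv2) or 0x03xx (SSLv3/TLS).
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        if (data[3], data[4]) == (0, 2) or data[3] == 3:
            return "sslv2"
    return "not-tls"


def flag_non_tls(samples):
    """Return the CONNECT destinations whose first bytes are not SSL/TLS."""
    return [dest for dest, first in samples
            if classify_tunnel_start(first) == "not-tls"]


# Constructed sample captures: (CONNECT destination, first client bytes).
SAMPLES = [
    ("mail.example.com:443", bytes.fromhex("160301002f01")),   # TLS ClientHello
    ("old.example.org:443", bytes.fromhex("802e01030100")),    # SSLv2-format hello
    ("host.example.net:443", b"SSH-2.0-OpenSSH_4.3\r\n"),      # SSH banner
    ("web.example.net:443", b"GET / HTTP/1.1\r\n"),            # plain HTTP
]

if __name__ == "__main__":
    for dest in flag_non_tls(SAMPLES):
        print("non-SSL traffic inside CONNECT tunnel to", dest)
```

As the reply notes, this catches only tunnels that do not speak SSL at all; a tunnel wrapped in genuine TLS passes this check.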
