Re: Detecting a Tunnel Over SSH?

Gary Huntress wrote:
> Hi,
>
> Let me start right off by saying I am not trying to circumvent the
> security policy of my office, even though this will sound like that's
> what I'm trying to do.   My office recently instituted a very strict
> firewall policy which forbids tunneling traffic.
>
> Prior to that, I would use putty from my XP desktop to reach a server
> in our DMZ.   I would have an ssh session open for hours and I would
> often tunnel traffic to administer a sybase database.   With the new
> policy I can still establish and maintain an ssh session for as long
> as I want but my connection is instantly closed if I try to tunnel.
>
> What I would like to know is, how is the tunnel detected?   I've
> always assumed that once my ssh session is made that every packet
> would be completely encrypted, even the headers of the tunneled
> packets.  So even if the tunnel used GRE (or whatever) it would be
> encrypted too.   Clearly that's not the case.
>
> So, how is my tunnel detected?   And no I'm not going to keep trying,
> this is a fireable offense!

Packet size?

With a normal SSH session, packet size will usually be small.

Conversely, if you send lots of data through the tunnel, packet sizes will be large.


--
Tomasz Chmielewski
http://wpkg.org
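
The packet-size idea from the reply above, sketched as detection logic. This is an added example, not part of the original thread and not a description of what the poster's firewall actually does; the thresholds, function names and sample packet lengths are assumptions constructed for illustration.

```python
# Added example: packet-size heuristic for SSH flows (not from the thread).
# Input is the TCP payload length of each packet in one flow, which stays
# visible to a firewall even though the payload itself is encrypted.

# Assumed thresholds, chosen for illustration; tune against real traffic.
LARGE_BYTES = 1000    # payloads at or above this count as "bulk-sized"
LARGE_PERCENT = 30    # percent of bulk-sized packets that marks a flow as bulk
MIN_PACKETS = 20      # fewer packets than this gives no verdict


def classify(lengths):
    """Label a run of packet lengths as interactive, bulk or insufficient-data."""
    n = len(lengths)
    if n < MIN_PACKETS:
        return "insufficient-data"
    large = sum(1 for size in lengths if size >= LARGE_BYTES)
    # Integer comparison avoids floating-point edge cases at the threshold.
    return "bulk" if large * 100 >= LARGE_PERCENT * n else "interactive"


def first_bulk_window(lengths, window=MIN_PACKETS):
    """Return the start index of the first sliding window that looks bulk.

    A session that is interactive for hours and only later carries forwarded
    traffic is diluted in a whole-flow average, so each window is judged alone.
    """
    for start in range(len(lengths) - window + 1):
        if classify(lengths[start:start + window]) == "bulk":
            return start
    return None


# Constructed sample data (not captured traffic).
# Keystrokes and short command output: small encrypted records.
INTERACTIVE = [36, 36, 52, 36, 100, 36, 36, 52, 36, 36] * 6
# Same session, then forwarded data: mostly full-size segments, small ones mixed in.
TUNNELED = INTERACTIVE + [1448, 1448, 52, 1448, 1448] * 8

if __name__ == "__main__":
    for name, flow in (("interactive", INTERACTIVE), ("tunneled", TUNNELED)):
        print(name, classify(flow), first_bulk_window(flow))
```

Size alone separates interactive use from bulk transfer, not a tunnel from an scp or sftp copy, so a rule like this would also flag file transfers over the same session.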
