[PLUG] SSHing to a box behind a firewall... netcat maybe?

Randal L. Schwartz merlyn at stonehenge.com
Sat Dec 27 17:06:01 UTC 2003


>>>>> "Derek" == Derek Loree <drl at drloree.com> writes:

Derek> I think it would be more a matter of timing, if I saw lots of ssh
Derek> traffic coming from a workstation with no driver, I would be suspicious.

How do you tell "no driver" automatically and remotely?

Again, I'm not trying to reduce the impact of the original caution.
After all, I became a felon for something similar.

I'm just trying to point out the futility of detecting that an
outbound ssh connection is also being used for inbound access.
Technically, that would be impossible to detect and/or filter, because
the pipe is opaque.

Derek> Your company should have some sort of acceptable access policy,
Derek> just check with the IT dept., they should be able to tell you
Derek> if that form of access is acceptable.

But beware what happened to me, where the chalk lines get moved after
the fact, perhaps because someone has a burr up their ass about how I
embarassed the establishment.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!



More information about the PLUG mailing list