piercing corporate FW outbound
Chris Brenton
cbrenton at chrisbrenton.org
Sat Feb 7 07:58:35 EST 2004
On Fri, 2004-02-06 at 15:24, Derek Martin wrote:
>
> There exist firewalls which can look at packet payloads to determine
> if they conform to the protocol for which they are supposedly being
> transmitted. Your chums in the IT department are evidently using one.
Its probably _not_ the solution they are using, but Bill Stearns (who
also haunts this list) has an excellent solution for this under
iptables. Its part of the "used to be called firebrick but is now
modwall" project. You can find it here:
http://www.stearns.org/
Basically it does a content check for known SSH banners on all ports but
22/TCP. It only checks the initial part of the session so overhead is
pretty minimal.
C
More information about the gnhlug-discuss
mailing list