Re: Understanding and preventing reverse ssh tunnels

[Peter Thomas <peter () hackertarget com>]

If you have open ports you cannot restrict ssh tunnels or port
forwarding within a SSH connection at the gateway as the communication
is encrypted. The gateway / firewall will only see SSH traffic.

To restrict tunnels you need to block ingress and egress traffic, and
only provide web access over a proxy that does SSL mitm and looks for
ssh over HTTP.

In most cases forcing use of proxy and blocking direct access to
external hosts will be enough.


On Fri, Jul 27, 2012 at 6:46 PM, a bv <vbavbalist () gmail com> wrote:
> Hi,
>
> How can i prevent reverse ssh tunnels?


-- 
Regards,

Peter
--------------------------------------------------
Security Scanning Tools On-line
Web: http://hackertarget.com/
--------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------