Security Basics mailing list archives

Re: Understanding and preventing reverse ssh tunnels


From: !s3grim <persephane () gmx eu>
Date: Fri, 3 Aug 2012 20:12:28 +0200

I don't think any SSL-mitm-proxy is such a good idea. Any SSL traffic, even if it is 'secure', has to be intercepted, thus 
leading to many certificate warnings annoying your users and getting them used to invalid certificates and ignoring 
warnings. You will neither be able to distinguish malicious sites from good ones, even if you want to, nor be able to 
detect all types of reverse tunnels, and theoretically there are plenty of them, some already in existence. 

Btw, I don't think a proxy could ever handle this kind of problem. Any solution relaying parts of the submitted content 
without change can be misused for tunneling. If you are afraid your user will be owned, what about considering 
something like a terminal session just presenting a browser window without copy'n'paste? This will at least prevent 
simple tunneling by changing the semantics of interaction, interrupting the direct channel. 

Cheers
!s3grimm



On 03.08.2012 at 04:49, Peter Thomas <peter () hackertarget com> wrote:

If you have open ports you cannot restrict ssh tunnels or port
forwarding within an SSH connection at the gateway as the communication
is encrypted. The gateway / firewall will only see SSH traffic.

To restrict tunnels you need to block ingress and egress traffic, and
only provide web access over a proxy that does SSL mitm and looks for
ssh over HTTP.

In most cases forcing use of proxy and blocking direct access to
external hosts will be enough.


On Fri, Jul 27, 2012 at 6:46 PM, a bv <vbavbalist () gmail com> wrote:
Hi,

How can I prevent reverse ssh tunnels?



-- 
Regards,

Peter
--------------------------------------------------
Security Scanning Tools On-line
Web: http://hackertarget.com/
--------------------------------------------------
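
Added example, not part of the original thread or written by its participants: a sketch of the "looks for ssh over HTTP" check mentioned above, applied to the first bytes a proxy sees inside a CONNECT tunnel. The session record layout, field names and addresses are constructed assumptions. It recognises only a cleartext SSH identification string (RFC 4253), so a tunnel wrapped in another layer passes it, which is the limit raised in the reply.

```python
import re

# RFC 4253 sec. 4.2: each side opens with "SSH-<protoversion>-<softwareversion>";
# a server may send other text lines before it, so match at any line start.
SSH_ID = re.compile(rb"^SSH-(?:1\.5|1\.99|2\.0)-[\x21-\x7e]+", re.MULTILINE)

def classify_first_bytes(payload: bytes) -> str:
    """Label the first bytes seen inside a proxy CONNECT tunnel."""
    head = payload[:512]
    if SSH_ID.search(head):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(head) >= 3 and head[0] == 0x16 and head[1] == 0x03:
        return "tls"
    return "other"

def review_connects(sessions, allowed_ports=frozenset({443})):
    """Return (client, target, reason) for every CONNECT session worth a look."""
    findings = []
    for s in sessions:
        port = int(s["target"].rpartition(":")[2])
        kind = classify_first_bytes(s["first_bytes"])
        if kind == "ssh":
            reason = "ssh banner inside CONNECT"
        elif port not in allowed_ports:
            reason = "CONNECT to non-allowed port"
        elif kind != "tls":
            reason = "non-TLS payload on allowed port"
        else:
            continue
        findings.append((s["client"], s["target"], reason))
    return findings

# Constructed sample sessions (hypothetical record layout, not a real proxy log format).
SAMPLE_SESSIONS = [
    {"client": "10.0.0.21", "target": "www.example.com:443",
     "first_bytes": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"},
    {"client": "10.0.0.37", "target": "host.example.net:443",
     "first_bytes": b"SSH-2.0-OpenSSH_5.9\r\n"},
    {"client": "10.0.0.40", "target": "host.example.org:22", "first_bytes": b""},
    {"client": "10.0.0.41", "target": "app.example.com:443",
     "first_bytes": b"GET / HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for finding in review_connects(SAMPLE_SESSIONS):
        print(*finding, sep="  ")
```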
