Prevent SSH tunneling through port 80
Posted by pttymuth, 15th July 2013

Hi All,

I'm interested in stopping SSH connections from traveling through port 80. I'm not interested in doing this because I want to prevent my users from enjoying SSH connections. I have no users. Rather, I'm imagining a scenario where a rootkitted host is attempting to covertly connect to the outside world.

Of course, SSH or even other traffic could be tunneled through various protocols. This is a huge problem and SSH through port 80 is one small portion of it. If anyone has ideas of how to stop the aforementioned, please share them here. Many tools and guides exist on tunneling SSH through port 80, even through HTTP proxies.

Apparently SSL connections can be decrypted and inspected by the proxy combination Squid+SslBump. I'm not familiar with Squid - yet. It would be cool if somehow decrypted traffic could be identified as either legitimate HTTPS traffic or malicious.
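As an added example that is not part of the original post: one way to flag the simplest form of the problem described above is to check the first bytes of each port-80 flow for the SSH identification string that RFC 4253 requires both sides to send, either directly or right after an HTTP CONNECT handshake. The function names and sample payloads are constructed for illustration, and the check only sees SSH whose banner travels in cleartext, not SSH wrapped in TLS or encoded inside HTTP bodies.

```python
import re

# RFC 4253 section 4.2: each side opens with "SSH-protoversion-softwareversion".
SSH_IDENT = re.compile(rb"^SSH-\d+\.\d+-[\x21-\x7e]+")
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n")


def _after_headers(data):
    """Return the bytes following the first blank line, or b'' if there is none."""
    _head, sep, rest = data.partition(b"\r\n\r\n")
    return rest if sep else b""


def classify_flow(client_bytes, server_bytes=b""):
    """Label a port-80 flow from the first reassembled bytes in each direction."""
    # Case 1: raw SSH on port 80. Either side's banner gives it away.
    if SSH_IDENT.match(client_bytes) or SSH_IDENT.match(server_bytes):
        return "ssh"
    m = HTTP_REQUEST.match(client_bytes)
    if not m:
        return "unknown"  # neither HTTP nor SSH: worth an alert on port 80
    # Case 2: HTTP CONNECT through a proxy, then an SSH banner inside the tunnel.
    if m.group(1) == b"CONNECT":
        inner = (_after_headers(client_bytes), _after_headers(server_bytes))
        if any(SSH_IDENT.match(b) for b in inner):
            return "ssh-over-connect"
        return "http-connect"
    return "http"


# Constructed sample payloads (not captured traffic): (client bytes, server bytes).
SAMPLES = {
    "web": (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n", b""),
    "raw_ssh": (b"SSH-2.0-OpenSSH_6.2\r\n", b"SSH-2.0-OpenSSH_6.2\r\n"),
    "proxied_ssh": (
        b"CONNECT gw.example.net:22 HTTP/1.1\r\nHost: gw.example.net\r\n\r\n",
        b"HTTP/1.1 200 Connection established\r\n\r\nSSH-2.0-OpenSSH_6.2\r\n"),
    "binary": (b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a", b""),
}

if __name__ == "__main__":
    for name, (client, server) in SAMPLES.items():
        print(name, "->", classify_flow(client, server))
```

A proxy that denies CONNECT to anything but port 443 removes the second case at the policy level; the banner check then covers direct connections that bypass the proxy.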