Hijacking connections

[calanon]

Someone suggested to me that when using authpf and the pf to access a network segment, what prevents a would be attacker accessing your workstation and opening another console process to access the restricted network through the already authenticated ssh connection.

Are there ways to prevent such a thing or to make it hard for such a scenario ?

[jggimi]

Quote:

...attacker accessing your workstation...

Nothing at all. Any packet filter or other network protections needed to prevent misuse sourced from the authenticated device is the responsibility of the network admin.

Consider: all authpf(8) does when a connection is authenticated is:

1. Load admin-provisioned filter rules into PF at the admin-specified anchor point.
2. Permit the admin to use two PF macros in the rules: $user_ip, the ip address of the authenticated and connected device, and $user_id, the user name connected to the authpf(8) shell on the gateway router.

The rules remain in effect at the anchor point until the ssh(1) session is terminated.

Network protections the astute admin will consider include packet filtering, stateful processing, authentication and authorization systems, and encrypted traffic.