Network Security: Detailed info on Re: Limiting SSH reverse tunnels?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: Limiting SSH reverse tunnels?

from [Leif Nixon] Network Security

[Permanent Link]

Subject:	Re: Limiting SSH reverse tunnels?
Date:	Fri, 07 Oct 2005 15:55:49 +0200

Patrick Morris <pmorris@hermesinfotech.com> writes:

What I'm hoping I can do is disable the ability to set up these
tunnels back into corporate, without destroying the ability to access
internal machines over non-SSH protocols via the SSH gateways.  In
other words, I'd like to allow forwarding, but only in one direction.


Not possible. Even if you manage to disable the built-in TCP
forwarding, the users would still be able to use separate tools to
forward network traffic over the terminal connection. You're only
making it a little bit harder for them.

-- 
Leif Nixon                       -            Systems expert
------------------------------------------------------------
National Supercomputer Centre    -      Linkoping University
------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Limiting SSH reverse tunnels?, Chris Jensen Re: Limiting SSH reverse tunnels?, Patrick Morris Re: Limiting SSH reverse tunnels?, Leif Nixon <=

Previous by Date:	Not attached to tty..., Bhalaji Narayanan
Next by Date:	setting env. var in authorized_keys, 3.5p1, bobby temper
Previous by Thread:	Re: Limiting SSH reverse tunnels?, Patrick Morris
Next by Thread:	howto port forward w/out remote session?, sean
Indexes:	[Date] [Thread] [Top] [All Lists]