Is it possible to detect SSH tunnels traveling through a Linux firewall (iptables). In other words, how do I detect normal ssh communication versus http traffic going through SSH?
My initial thoughts were that normal SSH traffic would have a specific connection and packet rate while other traffic like HTTP going through SSH would have a much different connection rate. Anyway, I would like to know other ideas. -- Dave Long [EMAIL PROTECTED] /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
