On 08/12/2010 03:51 PM, RB wrote:
> On Thu, Aug 12, 2010 at 16:29, Cinaed Simson <[email protected]> wrote:
>> Hi - suppose the office LAN has one open outbound port - say IMAP on
>> port 143.
>>
>> I go home and configure my Linux desktop to run an SSH server on port 143.
>>
>> Now I return to the office and attempt to connect to my machine at home
>> via port 143.
>>
>> Can pfsense be configured to stop the outbound SSH connection on port 143?
> 
> It's just a war of escalation.  You can do layer-7 filtering to pick
> off basic abuses like this, but what if someone's really determined
> and writes an IMAP-based transport for their shell?  The standard IMAP
> port supports switching to an encrypted mode post-connection.  My
> personal favorite was the shell that used a custom SMTP transport
> layer - that one was nasty.  Don't forget IP-over-DNS either.  :)
> 
> Pretty much any port you allow out (or even SSL websites) raw will
> have this problem and you'll never reach 100% closure.  You can
> approximate 100% with application proxies that monitor for and cut off
> aberrant behavior, but they'll never be perfect.

Thanks for the comments.

I agree and we do have a Squid proxy but we use SSH internally on all
the machines.

And we trained everyone to use SSH to access the office from home. We're
replacing SSH with Oracle's Secure Global Desktop using HTTPS.

fwsnort appears to have a solution but it only runs under iptables on
Linux - I was hoping to avoid iptables.




-- 

        "We are drowning in information and starving for knowledge."

                                             - Rutherford D. Roger
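What the "layer-7 filtering" RB mentions amounts to in its simplest form, shown here as an added example rather than code from either poster, from pfSense or from fwsnort: classify a connection by the server's first bytes instead of by its port, and flag a flow whose observed protocol disagrees with the protocol the policy expects on that port. The policy table, the flow records and the sample payloads are all constructed for the example; the banner patterns follow RFC 4253 (SSH identification string) and RFC 3501 (IMAP server greeting).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed policy: which application protocol each allowed outbound port is meant to carry.
EXPECTED_PROTOCOL = {143: "imap", 22: "ssh"}

# RFC 4253 s.4.2: an SSH server opens with "SSH-protoversion-softwareversion [comments]" and a newline.
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-[^\r\n]+\r?\n")
# RFC 3501 s.7.1: an IMAP server greets with an untagged OK, PREAUTH or BYE response.
IMAP_GREETING = re.compile(rb"^\* (OK|PREAUTH|BYE)\b")


def classify_server_banner(first_bytes: bytes) -> str:
    """Guess the application protocol from the first bytes the server sends."""
    if SSH_BANNER.match(first_bytes):
        return "ssh"
    if IMAP_GREETING.match(first_bytes):
        return "imap"
    # Anything else (TLS records, a custom transport, garbage) is opaque to banner matching.
    return "unknown"


@dataclass
class Flow:
    """One observed TCP connection: client, server, server port, server's first payload bytes."""
    src: str
    dst: str
    dst_port: int
    server_first_bytes: bytes


def check_flow(flow: Flow) -> Optional[str]:
    """Return an alert string when the protocol seen on the wire is not the one the port is for."""
    expected = EXPECTED_PROTOCOL.get(flow.dst_port)
    if expected is None:
        return None  # port not covered by the policy table
    observed = classify_server_banner(flow.server_first_bytes)
    if observed == "unknown":
        # Encrypted or non-standard payloads cannot be judged from the banner alone; this is
        # exactly the gap RB describes (STARTTLS, custom transports, IP-over-DNS).
        return None
    if observed != expected:
        return f"{flow.src} -> {flow.dst}:{flow.dst_port} expected {expected}, saw {observed}"
    return None


def find_mismatches(flows: List[Flow]) -> List[str]:
    """Run the port/protocol check over a list of flows and collect the alerts."""
    alerts = []
    for flow in flows:
        alert = check_flow(flow)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample traffic (RFC 5737 documentation addresses, invented software strings).
SAMPLE_FLOWS = [
    # Legitimate IMAP on 143: server greets with an untagged OK.
    Flow("10.0.0.5", "198.51.100.7", 143,
         b"* OK [CAPABILITY IMAP4rev1 STARTTLS] example mail server ready.\r\n"),
    # SSH daemon listening on 143: the server banner gives it away.
    Flow("10.0.0.9", "203.0.113.20", 143, b"SSH-2.0-OpenSSH_5.5p1\r\n"),
    # Opaque bytes on 143 (e.g. a TLS record): banner inspection cannot classify this.
    Flow("10.0.0.9", "203.0.113.20", 143, b"\x16\x03\x01\x00\x5a\x02\x00\x00"),
    # SSH on its usual port: matches policy, no alert.
    Flow("10.0.0.5", "198.51.100.7", 22, b"SSH-2.0-OpenSSH_5.5p1\r\n"),
]

if __name__ == "__main__":
    for line in find_mismatches(SAMPLE_FLOWS):
        print("ALERT", line)
```

Only the second flow produces an alert; the third is silently passed, which is the limit of this approach: once the payload is encrypted or wrapped in another protocol, a banner or signature match (the fwsnort model) has nothing to key on, and the decision has to move to a protocol-aware proxy or to behavioural analysis as RB suggests.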


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org
