[clug] ssh, https and GoogleEarth

Kim Holburn kim.holburn at gmail.com
Wed Jan 10 13:01:36 GMT 2007 

On 2007/Jan/10, at 11:36 AM, chris wrote:
> Is there a way to completely block ssh traffic while permitting https
> traffic through over a network that uses a proxy to access the net? If
> you block outgoing traffic on port 22, then people can setup sshd to
> listen on port 443. And the proxy will let you through because it  
> thinks
> you are visiting a https page. In other words, how can I distinguish
> between ssh traffic and SSL traffic?

The only way to do this effectively is to examine the packets, with  
an application layer (layer 4) firewall or with a snort based system  
like an IDS.

> Just another unrelated issue, I am within a Novell network environment
> (Novell Core Protocol sits above all other protocols), I use a  
> proxy to
> access the net. While Firefox in windows has no issues to authenticate
> itself using a Java program, which is invisible to the user end, but
> Firefox in Debian keeps saying "the data area passed to a system  
> call is
> too small", I looked it up on Google but didn't find out anything
> remarkably helpful.
>
> I don't know how the authentication works, it doesn't require a  
> user ID
> or password, if you are running Windows on a laptop and you can  
> pass the
> authentication straight away by connecting to the network and get  
> an IP
> off the DHCP server.

802.1X ? <http://en.wikipedia.org/wiki/802.1x>?

> My workaround is that I am setting my Debian laptop as a router for
> another machine that runs XP, as soon the the XP box gets a page from
> say www.google.com, my debian is able to use the net without any
> trouble. Alternative I can copy the IP and Mac off any box already  
> been
> authenticated and stick them in my setting.
>
> Once my net is usable on Debian, if I try to use GoogleEarth, it gets
> stuck on contacting server. I can use GoogleEarth perfectly on the XP
> box behind my Debian laptop. If I use a ssh tunnel to use a remote
> proxy, GoogleEarth will work okay. Any idea what might be causing  
> all this?

proxy?


--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3342707610
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the linux mailing list