JD Runyan wrote:
> Todd Walton wrote:
>> But his question concerns wrapping SSH in SSL. It's common for SSL to
>> contain legitimate HTTP traffic. So, if a firewall is supposed to let
>> HTTP through, would SSH be able to get through by donning the SSL
>> sheep mask and by walking like sheep on port 80? Or would the smelly
>> black-furred legs sticking out the bottom give him away?
> Most firewalls aren't profiling what is moving across the port to see
> if the traffic is valid. This would be done by an IDS system. Moving
> across 80 with SSL may be denied by some IDS systems as being
> suspicious. Moving across 443 with SSL would be quite normal. SSH
> uses SSL, so it would be silly to wrap it in SSL in most cases.
I would think the traffic flow and volume might look wrong rather than
the protocol and port. The people at Cox, for instance, might think it a
little strange to see several simultaneous encrypted connections to the
same subnet or address downloading several megs, or possibly a few gigs,
of data. Not that this wouldn't happen using SSH, but I'd sure be
curious to know what that many folks were being so secretive about. I've
got to think that somebody at someplace like Cox would begin to wonder
if a basic customer was trying to avoid paying for business services and
running a server of some sort. Then again... tempting just to see what
would happen.
Robert Donovan
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
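Editor's added example, not code from any poster in this thread: the two checks the replies above describe, side by side. The first is the IDS-style look at the first bytes of a flow that a port-based firewall skips (is what's on port 80 actually HTTP, or a TLS handshake or an SSH banner?); the second is the volume/concurrency heuristic Robert describes (many encrypted flows into one destination subnet moving a lot of data). All packet bytes, addresses (RFC 5737 documentation ranges), ports and thresholds below are constructed for illustration and are not taken from the thread.

```python
"""Minimal first-bytes protocol classifier plus a flow-volume heuristic.
Constructed illustration of the checks discussed on the list; no real
IDS product's signatures or thresholds are reproduced here."""

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")

# What a port-only firewall expects on each port (assumption for this example).
EXPECTED_ON_PORT = {22: {"ssh"}, 80: {"http"}, 443: {"tls"}}

# Constructed first bytes of a TLS ClientHello: record type 0x16 (handshake),
# record version 3.1, record length, handshake type 0x01 (ClientHello),
# handshake length, client version 3.3. Lengths are illustrative only.
CLIENT_HELLO = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03"


def classify_payload(data: bytes) -> str:
    """Label the protocol from the first bytes a client sent on a TCP flow."""
    # RFC 4253: an SSH connection opens with an identification string "SSH-".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS/SSL: handshake record (0x16), major version 3, minor 0..3,
    # and the first handshake message inside it is a ClientHello (0x01).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x03 and data[5] == 0x01):
        return "tls"
    # HTTP/1.x: a request line "<METHOD> <target> HTTP/1.x".
    request_line = data.split(b"\r\n", 1)[0]
    if data.startswith(HTTP_METHODS) and b" HTTP/1." in request_line:
        return "http"
    return "unknown"


def flag_flow(dst_port: int, first_bytes: bytes, total_bytes: int,
              volume_threshold: int = 50 * 1024 * 1024) -> list:
    """Return the alerts an IDS-style check would raise for one flow.

    A plain port filter never gets here: it only sees dst_port. The
    threshold is an assumed value, not a figure from the thread."""
    alerts = []
    proto = classify_payload(first_bytes)
    expected = EXPECTED_ON_PORT.get(dst_port)
    if expected is not None and proto not in expected:
        alerts.append(f"{proto} on port {dst_port} "
                      f"(expected {'/'.join(sorted(expected))})")
    if proto in ("tls", "ssh") and total_bytes > volume_threshold:
        alerts.append(f"large encrypted transfer: {total_bytes} bytes")
    return alerts


def encrypted_sources_per_subnet(flows: list, min_sources: int = 3) -> dict:
    """Group encrypted flows by destination /24 and report subnets that at
    least min_sources distinct clients are pushing encrypted traffic into."""
    by_subnet = {}
    for flow in flows:
        if classify_payload(flow["first_bytes"]) not in ("tls", "ssh"):
            continue
        subnet = ".".join(flow["dst_ip"].split(".")[:3]) + ".0/24"
        by_subnet.setdefault(subnet, set()).add(flow["src_ip"])
    return {s: sorted(srcs) for s, srcs in by_subnet.items()
            if len(srcs) >= min_sources}


# Constructed sample flows: three clients talking TLS into one /24 on
# port 443, one of them over 50 MiB, plus one ordinary HTTP request.
SAMPLE_FLOWS = [
    {"src_ip": "192.0.2.10", "dst_ip": "203.0.113.5", "dst_port": 443,
     "first_bytes": CLIENT_HELLO, "total_bytes": 60 * 1024 * 1024},
    {"src_ip": "192.0.2.11", "dst_ip": "203.0.113.5", "dst_port": 443,
     "first_bytes": CLIENT_HELLO, "total_bytes": 4096},
    {"src_ip": "192.0.2.12", "dst_ip": "203.0.113.9", "dst_port": 443,
     "first_bytes": CLIENT_HELLO, "total_bytes": 8192},
    {"src_ip": "192.0.2.13", "dst_ip": "203.0.113.5", "dst_port": 80,
     "first_bytes": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
     "total_bytes": 512},
]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f["src_ip"], "->", f["dst_ip"], f["dst_port"],
              classify_payload(f["first_bytes"]),
              flag_flow(f["dst_port"], f["first_bytes"], f["total_bytes"]))
    print(encrypted_sources_per_subnet(SAMPLE_FLOWS))
```

Note what each check can and cannot see: once the SSH banner is inside a TLS session, `classify_payload` on port 443 reports only "tls", exactly the "sheep mask" Todd describes, so the per-flow protocol check is blind to it and only the port-mismatch case (TLS on 80) or the volume and fan-in heuristics have anything to say.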