alex wilkinson <[EMAIL PROTECTED]> writes: > Is it possible to detect users tunneling out over HTTPS i.e through a > firewall. > e.g. users using something like corkscrew ssh over a HTTPS tunnel.
Possible? Yes, with some qualification. Available out of the box with default PF config? No. You could for example set up a pf rule to redirect https traffic to a content analyzer of your choice, with smart pattern matching software which runs on something with lots and lots of processing power, before letting the traffic pass on to wherever it was going in the first place. The effort involved would be non-trivial to say the least. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
