alex wilkinson <[EMAIL PROTECTED]> writes:

> Is it possible to detect users tunneling out over HTTPS i.e through a 
> firewall.
> e.g. users using something like corkscrew ssh over a HTTPS tunnel.

Possible? Yes, with some qualification.

Available out of the box with default PF config? No. 

You could for example set up a pf rule to redirect https traffic to a
content analyzer of your choice, with smart pattern matching software
which runs on something with lots and lots of processing power, before
letting the traffic pass on to wherever it was going in the first
place.  The effort involved would be non-trivial to say the least.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

Reply via email to