On 4/21/05, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote: > alex wilkinson <[EMAIL PROTECTED]> writes: > > > Is it possible to detect users tunneling out over HTTPS i.e through a > > firewall. > > e.g. users using something like corkscrew ssh over a HTTPS tunnel. > > Possible? Yes, with some qualification. > > Available out of the box with default PF config? No. > > You could for example set up a pf rule to redirect https traffic to a > content analyzer of your choice, with smart pattern matching software > which runs on something with lots and lots of processing power, before > letting the traffic pass on to wherever it was going in the first > place. The effort involved would be non-trivial to say the least.
Is it possible to disguise this behaviour ? From a client perspective. - aW
