On Wed 2003-02-12 at 12.40, Gavin Hamill wrote:
> Actually, do the squid logs contain how much time elapsed during the CONNECT?

Yes. The duration column shows how long the connection was held open. (squid native access.log format only)

Note: In some conditions fully valid https:// traffic may keep a connection open for an extended period of time if there is periodic traffic more frequently than the persistent connections timeout in the browser and/or server, for example if a user has an automatically refreshing window open with a https://... URL such as a stock rates display or similar.

> Microsoft ISA would probably implement this as a 'Tunnel Stealth Mode'
> integrated into the main application, but I don't believe it's desirable for
> squid to perform this task in itself, hence the suggestion of monitoring the
> log files.

Using SNORT or other IDS applications is probably a good idea. Not at all hard to set up a filter to detect when someone is running SSH over port 443... just look for the SSH signature in response to a connection to port 443.

-- 
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
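
Added example, not part of the original message: a small Python filter over Squid's native access.log that lists CONNECT entries by how long the tunnel was held open, using the duration column (field 2, in milliseconds) discussed above. The log lines are constructed, and the 30-minute threshold and the names `long_connects` and `Tunnel` are assumptions for illustration; as the reply notes, a long-lived CONNECT can be legitimate HTTPS, so the output is a review list.

```python
from collections import namedtuple

Tunnel = namedtuple("Tunnel", "client dest seconds size")

# Constructed sample lines in Squid native access.log format:
# time elapsed_ms client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1045050000.101    850 10.0.0.21 TCP_MISS/200 4312 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1045050100.202 7264310 10.0.0.37 TCP_MISS/200 918233 CONNECT host.example.net:443 - DIRECT/192.0.2.77 -
1045050200.303    120 10.0.0.21 TCP_MISS/200 10240 GET http://www.example.org/ - DIRECT/192.0.2.5 text/html
1045050300.404 1900450 10.0.0.44 TCP_MISS/200 52110 CONNECT quotes.example.com:443 - DIRECT/192.0.2.90 -
this line is not in native format
"""


def long_connects(lines, min_seconds=1800):
    """Return CONNECT entries held open >= min_seconds, longest first.

    min_seconds defaults to 30 minutes, an assumed threshold to tune per site.
    """
    hits = []
    for line in lines:
        fields = line.split()
        # Native format has the method in field 6 and the target in field 7.
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        try:
            elapsed_ms, size = int(fields[1]), int(fields[4])
        except ValueError:
            continue  # malformed line or a different log format
        seconds = elapsed_ms / 1000.0
        if seconds >= min_seconds:
            hits.append(Tunnel(fields[2], fields[6], seconds, size))
    return sorted(hits, key=lambda t: t.seconds, reverse=True)


if __name__ == "__main__":
    for t in long_connects(SAMPLE_LOG.splitlines()):
        print(f"{t.client} -> {t.dest} open {t.seconds / 60:.0f} min, {t.size} bytes")
```
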
