[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IP accounting per user

also sprach Matthias Juchem <lists@konfido.de> [2002.01.07.0244 +0100]:
> The big problem are the ssh shell accounts. The user can start almost any
> program that listens on a socket. You wouldn't have log files from this
> program and you can only account the outgoing traffic with iptables.

well no, i can block everything but the expected service ports with
iptables. i do that anyway... users can still use high ports for data
connections from the inside to the outside, but they can't connect to
any port that i don't want them to.

but yes, they can create active sockets...

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
three things are certain:
death, taxes and lost data.
guess which has occurred.

Attachment: pgpNKbGMXU67F.pgp
Description: PGP signature

Reply to: