
Re: question about SSH / IPTABLES



On Thu Jan 23 2003 at 01:17:21PM +0100 'Iñaki Martínez' <debian@euskal-linux.org> wrote:

>  But if the client jumps to another port????

That is the shortcoming of using this solution.

>  I think there is no COMPLETE solution........

If there is a rule there is generally some way around it ;) You need to
choose the solution that fits your situation best.

You could change the file permissions on the ssh binary AND use the
iptables rule. Also, mount the home partition read only so that they
cannot use their own binaries.

Another way of doing this may be to get a protocol analyzer like Snort to
trigger the automatic addition of iptables rules if it sees outgoing ssh.


Ciao

Charl
__________________________________________________________________________ 

    [  Charl Matthee  ]                           [ +27-11-721-3800 ]   
    [ Systems Manager ]                           [ +27-11-405-6508 ]   
__________________________________________________________________________
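
The protocol-analyzer idea in the message above, as an added example that is not part of the original post and is not Snort itself: it recognises the SSH identification string in the first client bytes of a connection regardless of destination port, then builds the matching iptables commands. The flow records, function names and the choice of the OUTPUT chain (users and firewall on the same host) are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 4253 identification string: "SSH-<protoversion>-<softwareversion>",
# sent by the client as its first bytes, whatever port it connects to.
SSH_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")

# Constructed sample flows: (destination IP, destination port, first client payload).
SAMPLE_FLOWS = [
    ("198.51.100.5", 22, b"SSH-2.0-OpenSSH_3.4p1\r\n"),
    ("198.51.100.7", 443, b"SSH-2.0-OpenSSH_3.4p1\r\n"),   # ssh moved to 443
    ("198.51.100.9", 80, b"GET / HTTP/1.0\r\n\r\n"),        # ordinary web request
    ("198.51.100.8", 8080, b"SSH-1.5-1.2.27\n"),            # old protocol, odd port
]


def find_outgoing_ssh(flows):
    """Return flows whose first client bytes are an SSH identification string."""
    hits = []
    for dst, dport, payload in flows:
        match = SSH_IDENT.match(payload)
        if match:
            hits.append({
                "dst": dst,
                "dport": dport,
                "proto": match.group(1).decode("ascii"),
                "software": match.group(2).decode("ascii"),
            })
    return hits


def block_rules(hits):
    """Build one iptables command per detected destination (returned, not executed)."""
    rules = []
    for dst, dport in sorted({(h["dst"], h["dport"]) for h in hits}):
        addr = ipaddress.ip_address(dst)          # rejects anything that is not an IP
        if not 0 < dport < 65536:
            raise ValueError(f"bad port: {dport}")
        rules.append(
            f"iptables -I OUTPUT -p tcp -d {addr} --dport {dport} "
            "-j REJECT --reject-with tcp-reset"
        )
    return rules


if __name__ == "__main__":
    for rule in block_rules(find_outgoing_ssh(SAMPLE_FLOWS)):
        print(rule)
```

Detection of this kind is reactive: the rule is added after the identification string has been seen, so it stops later connections to that destination rather than the first packet of the one that triggered it.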


