Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 2926 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible to create IPS rule to block SSH?

zenman
I realize that SSH is encrypted and that the IPS will not be able to detect the encrypted traffic, but I was wondering if there's an SSH connect string that could be added to block SSH with the IPS.  The reason for this is that its too easy for clients behind ASL to tunnel to their home boxes to bypass the security policy on any open port.

Any suggestions?


This thread was automatically locked due to age.
Parents
  • 0
    That's why some shops don't use rules and use only proxies; I don't think SSH will be able to traverse the HTTP proxy.

    Use a sniffer utility and see what the raw handshake packets look like...
Reply
  • 0
    That's why some shops don't use rules and use only proxies; I don't think SSH will be able to traverse the HTTP proxy.

    Use a sniffer utility and see what the raw handshake packets look like...
Children
No Data