How to Block SSH Tunneling (Proxy Tunneling) using Application Control
03/26/2020
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. For example, proxy apps like Puff the Magic Dragon and Simurgh use OpenSSH proxy. Both these apps can be blocked using the method described below.
This article describes how to block SSH tunneling using SonicWall App Control Advanced Signature ID 446.
Log in to the SonicWall Management GUI.
Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control.
Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
Under App Control Advanced | View Style select REMOTE-ACCESS under Category.
Select SSH under Application.
Click on the configure button.
In the Edit App Control App window, select Enable under Block and Log fields.
Click on OK to save.
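To confirm the block from a host behind the firewall once the setting is saved, the following check can be used. It is an added example, not part of the original SonicWall article: it opens a TCP connection, sends an SSH identification string and reports whether the server's identification string (the first step of an SSH connection, RFC 4253) comes back. The host name ssh-test.example.net is a placeholder for an SSH server you control outside the firewall, and the script reports only what it observes, since the article does not say how the signature drops the traffic.

```python
import socket
import sys


def read_ident(sock, timeout=5.0, max_bytes=4096):
    """Return the peer's SSH identification string (RFC 4253, 4.2) or None."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while len(buf) < max_bytes:
            chunk = sock.recv(256)
            if not chunk:  # peer or firewall closed the connection
                break
            buf += chunk
            # A server may send other lines before its version line,
            # so scan every complete line received so far.
            for line in buf.split(b"\n")[:-1]:
                if line.startswith(b"SSH-"):
                    return line.rstrip(b"\r").decode("ascii", "replace")
    except OSError:  # timeout or reset while waiting
        pass
    return None


def probe(host, port, timeout=5.0):
    """Classify one SSH attempt made through the firewall."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return f"no TCP connection ({type(exc).__name__})"
    with sock:
        try:
            sock.sendall(b"SSH-2.0-blockcheck\r\n")  # our identification string
        except OSError:
            return "connection dropped before the exchange"
        ident = read_ident(sock, timeout)
    if ident:
        return f"NOT BLOCKED: server answered {ident}"
    return "blocked or not SSH: no identification string received"


if __name__ == "__main__":
    # Placeholder target: replace with an SSH server you control outside the firewall.
    host = sys.argv[1] if len(sys.argv) > 1 else "ssh-test.example.net"
    ports = [int(p) for p in sys.argv[2:]] or [22]
    for port in ports:
        print(f"{host}:{port} -> {probe(host, port)}")
```

Run it once before enabling the block to confirm the test server answers, then again afterwards. The probe covers only the identification exchange, so follow a NOT BLOCKED result with a real SSH client attempt before concluding the rule is ineffective.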
The following screen capture shows a failed attempt when connecting to an SSH server using Njutrino.
The following messages will be logged under Log | View: