How to Block SSH Tunneling (Proxy Tunneling) using Application Control

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. For example, proxy apps like Puff the Magic Dagon and Simurgh use OpenSSH proxy.  Both these apps can be blocked using the method described below.

This article describes how to block SSH tunneling using SonicWall App Control Advanced Signature ID 446.

Login to the SonicWall Mangement GUI.

• Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control
• Check the box under Enable App Control  and click on the Accept button at the top to enable App Control.
• Under App Control Advanced | View Style select REMOTE-ACCESS under Category
• Select SSH under Application
• Click on the configure button.
• In the Edit App Control App window, select Enable under Block and Log fields.
• Click on OK to save.

Testing

The following screen capture shows a failed attempt when connecting to a SSH server using Njutrino.