nash: Ethereal or any other decent traffic analyzer can figure out what kind of traffic is being passed on any arbitrary stream. However, they can't see past any encryption layers. I agree that MrFlux's got the right idea on the "deny all" philosophy.
MrFlux: You can use most DNS servers listed as primary/secondary for domains, unless they block unknown clients for queries on domains they don't serve (I've only seen a few of those).
glytch: You assume that nash's IT guys have access to the machine he's ssh'ing from. Plus, netstat is the wrong tool for this purpose. But lsof would work.
__________________
"There are finer fish in the sea than have ever been caught." -- Irish proverb
|