[zorp] Telnet data or UDP packets?

Balazs Scheidler bazsi at balabit.hu
Wed Aug 6 17:49:49 CEST 2008


On Wed, 2008-08-06 at 15:04 +0200, Clement Fillon wrote:
> To whom it may concern,
>  
> Is there a way to look into telnet data part or udp packets and log or
> even filter that on some keysequences? I read in the documentation
> that telnet proxy only filters some telnet commands but not what the
> user types. This PlugProxy could also handle UDP and telnet traffic but
> seems like no use because it does only simply forward without doing
> anything? Can Anypy be used for this as I think telnet would need a
> non-blocking proxy and Anypy seems to block on read? Does Anypy handle
> UDP packets, too?
>  
> I hope anyone can help me here and sorry for my bad English!
>  

What do you want to accomplish exactly? It is quite complicated to
filter out keystrokes, as there's usually a terminal emulator at the
client, and escape sequences and the server state can change the meaning
of a single character significantly. To make things safe, you'd probably
have to embed a complete terminal emulator into Zorp.

As a sidenote, this is something similar that we do with our Shell
Control Box product, but instead of doing online filtering, we save the
complete telnet (and ssh) terminal traffic, and replay it later in an
audit player on the auditor's computer.

About your questions about anypy: Mag (m4gw4s at gmail.com), also
subscribed to this list, has patches to add non-blocking AnyPy support.

And about UDP: in Zorp, proxies are independent of the transport
protocol, so each proxy can be used to transfer both UDP and TCP
traffic. You can even convert between the two.


-- 
Bazsi
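
Added example, not part of the original message and not Zorp or AnyPy code: a
short Python sketch of why matching key sequences on the raw telnet byte stream
is unreliable for logging or filtering. The telnet constants are from RFC 854;
the function names and the sample keystreams are constructed for illustration.

```python
# Added illustration. Sample keystreams below are constructed, not captured.
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: one option byte follows

def strip_telnet(data: bytes) -> bytes:
    """Remove telnet command sequences, leaving only user data bytes."""
    out, i, n = bytearray(), 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b); i += 1
        elif i + 1 >= n:
            break                              # truncated command at end of buffer
        elif data[i + 1] == IAC:
            out.append(IAC); i += 2            # escaped literal 0xFF
        elif data[i + 1] in NEGOTIATION:
            i += 3
        elif data[i + 1] == SB:                # simplification: first IAC SE ends it
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:
            i += 2                             # two-byte command (NOP, AYT, ...)
    return bytes(out)

def effective_lines(data: bytes) -> list[str]:
    """Apply basic line editing (erase, kill-line) as a cooked-mode tty would."""
    lines, cur = [], bytearray()
    for b in strip_telnet(data):
        if b in (0x08, 0x7F):                  # BS / DEL erase one character
            del cur[-1:]
        elif b == 0x15:                        # Ctrl-U discards the line so far
            cur.clear()
        elif b in (0x0D, 0x0A):                # CR or LF ends the line
            if cur:
                lines.append(cur.decode("latin-1")); cur.clear()
        elif b >= 0x20:
            cur.append(b)
    return lines

def compare(data: bytes, keyword: str) -> tuple[bool, bool]:
    """Return (match on raw bytes, match on reconstructed lines)."""
    raw = keyword.encode() in data
    return raw, any(keyword in line for line in effective_lines(data))

SAMPLES = {
    "corrected typo": b"shutx\x7fdown\r\n",
    "window resize mid-word": b"shut\xff\xfa\x1f\x00\x50\x00\x18\xff\xf0down\r\n",
    "line killed before enter": b"shutdown\x15ls\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, compare(data, "shutdown"))
```

Even this reconstruction only covers plain line editing; cursor-movement escape
sequences and full-screen programs on the server side are not modelled, which
is the point the reply makes about needing a complete terminal emulator.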


