>Tunneling via SSH (ssh -D) is super easy to detect.

Mind elaborating on a high level how they'd distinguish? Just volume of it?

More like ML classification based on packet sizes and time deltas.
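
The approach named in the last comment, as an added example that is not part of the thread: per-flow statistics over packet sizes and inter-arrival times, fed to a small nearest-centroid classifier. The flows, the labels `interactive` and `tunneled`, and the helper names are constructed assumptions for illustration, not measurements of real SSH traffic.

```python
from statistics import mean, pstdev

def flow_features(packets):
    """packets: list of (timestamp_s, size_bytes, direction), direction +1 out / -1 in."""
    sizes = [size for _, size, _ in packets]
    times = [ts for ts, _, _ in packets]
    deltas = [b - a for a, b in zip(times, times[1:])] or [0.0]
    outbound = sum(size for _, size, d in packets if d > 0)
    return [mean(sizes), pstdev(sizes), mean(deltas), pstdev(deltas),
            outbound / max(sum(sizes), 1)]

def make_flow(sizes, gaps, count=40):
    """Constructed sample flow: cycle through sizes and gaps, alternating direction."""
    ts, flow = 0.0, []
    for i in range(count):
        ts += gaps[i % len(gaps)]
        flow.append((ts, sizes[i % len(sizes)], 1 if i % 2 == 0 else -1))
    return flow

# Constructed training set (assumption): keystroke-like flows versus bulk-like flows.
TRAINING = {
    "interactive": [make_flow([48, 64, 80], [0.15, 0.30, 0.22]),
                    make_flow([48, 96, 64], [0.40, 0.12, 0.25])],
    "tunneled": [make_flow([1400, 1400, 96, 1400], [0.002, 0.004, 0.050]),
                 make_flow([1400, 640, 1400, 128], [0.003, 0.001, 0.080])],
}

def train(labelled):
    """Standardise each feature, then store one centroid per label."""
    rows = [flow_features(f) for flows in labelled.values() for f in flows]
    mu = [mean(col) for col in zip(*rows)]
    sd = [pstdev(col) or 1.0 for col in zip(*rows)]
    def scale(vec):
        return [(x - m) / s for x, m, s in zip(vec, mu, sd)]
    centroids = {
        label: [mean(col) for col in zip(*(scale(flow_features(f)) for f in flows))]
        for label, flows in labelled.items()
    }
    return scale, centroids

def classify(flow, model):
    """Return the label whose centroid is closest in standardised feature space."""
    scale, centroids = model
    vec = scale(flow_features(flow))
    def dist(label):
        return sum((a - b) ** 2 for a, b in zip(vec, centroids[label]))
    return min(centroids, key=dist)

MODEL = train(TRAINING)
```
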