
Re: idea for improving security

On Tue, 06 May 2003 13:07:24 -0500
Mark Edgington <edgimar@iit.edu> wrote:

> 
> it doesn't matter if others are 
> connecting to port 80, etc. while he is doing these connections, as long as no-one 
> else is trying to connect to any of the ports in the trigger-sequence list -- this is 
> the only thing which will invalidate the sequence-recognition

Hi, it seems you don't mention that the connection attempts can be memorized,
associated with the originating IP, and then the wanted port made available only for this IP.

It looks a bit complex to me, only useful for a private use of a port which is not
publicly available, which means only for ssh as other protocols can pass through
a ssh tunnel.

This authentication system won't be vulnerable to ssh exploits, but you're
basically using port numbers as characters of an unencrypted password.

A simplification of your idea with no loss of feature without using ssh may be to
have incoming packets of a unique port appear as dropped from the outside and
still processed (how ??) by a daemon waiting for a password in the packet body.
Passwords can be OTP.

(a bit dirty) is it possible to use snort with a special rule to detect such traffic,
eventually with another process reading snort log files?

Alain
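As an added example (not part of Alain's message or the original thread), here is the per-source-IP sequence recognition he describes, run over a few constructed firewall-log lines: each source IP keeps its own progress through the trigger sequence, so another host hitting port 80 or even a trigger port never invalidates the first host's sequence. The trigger ports, the log line format and the function names are assumptions.

```python
# Added example, not from the original thread: per-source-IP port-knock
# sequence recognition. Only a wrong trigger-port hit from the SAME source
# resets that source's progress; other hosts' traffic is irrelevant.
from collections import defaultdict
import re

# Hypothetical trigger sequence; the thread names no concrete ports.
KNOCK_SEQUENCE = (7000, 8000, 9000)

# Constructed sample log lines in a simplified firewall-log shape:
# "<time> DROP src=<ip> dport=<port>". Note that at 10:00:03 a second host
# hits trigger port 8000 while the first host is mid-sequence; with a single
# shared state machine that line would invalidate the first host's sequence.
SAMPLE_LOG = """\
10:00:01 DROP src=192.0.2.10 dport=7000
10:00:02 DROP src=198.51.100.7 dport=80
10:00:03 DROP src=198.51.100.7 dport=8000
10:00:04 DROP src=192.0.2.10 dport=8000
10:00:05 DROP src=192.0.2.10 dport=9000
10:00:06 DROP src=198.51.100.7 dport=7000
"""

LINE_RE = re.compile(r"src=(\S+) dport=(\d+)")


def recognise_knocks(log_text, sequence=KNOCK_SEQUENCE):
    """Return the source IPs that completed the sequence, in completion order.
    Progress through the sequence is tracked separately for every source IP."""
    trigger_ports = frozenset(sequence)
    progress = defaultdict(int)   # ip -> index of the next expected port
    completed = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if port not in trigger_ports:
            continue              # noise on other ports never touches the state
        if port == sequence[progress[ip]]:
            progress[ip] += 1
            if progress[ip] == len(sequence):
                completed.append(ip)   # here the daemon would open the port for ip
                progress[ip] = 0
        else:
            # Out-of-order trigger port from this source: reset only its state
            # (a hit on the first port counts as a fresh start).
            progress[ip] = 1 if port == sequence[0] else 0
    return completed


if __name__ == "__main__":
    print(recognise_knocks(SAMPLE_LOG))   # ['192.0.2.10']
```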
