Re: idea for improving security
On Tue, May 06, 2003 at 01:07:24PM -0500, Mark Edgington wrote:
> Hi,
> I'm not sure whether this idea has been considered or implemented
> anywhere, but I have been thinking about it, and believe it would provide a
> fairly high level of security for systems which only run a few public
> services. The gist of it is this:
> incorporate functionality into inetd/xinetd/rinetd which listens for a
> predefined sequence of connection attempts on certain ports. Upon noticing
> the correct sequence (as specified somewhere in the config file), it opens
> up certain ports (i.e. SSH) for a specified amount of time or for the next
> connection attempt only. The parameters which could be set in the config
I believe that there are rootkits in the wild which do this.
Although I can't find the reference I had to it, I believe that some
listen for traffic on a rare or unallocated protocol before opening a
backdoor.
[snip]
> Let me know if you have comments on this. I'm also interested to know if
> this has already been implemented anywhere.
--
William Aoki  waoki@umnh.utah.edu           /"\  ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B  <- key change     \ /  No HTML in mail or news!
99AF A093 29AE 0AE1 9734  prev. expired      X
                                            / \
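The mechanism the quoted proposal describes, a "predefined sequence of connection attempts on certain ports" that has to arrive in order within a time limit, comes down to a small state machine per source address. The following is an added example, not code from either poster: it runs that state machine over constructed iptables-style firewall log lines, which is what a knock-aware daemon would do, and it is also the check a defender would run over existing logs to spot knock-style triggers like the ones the reply attributes to rootkits. The log format, addresses, ports and the 2003 year used to complete the syslog timestamps are all assumptions.

```python
import re
from datetime import datetime

# Constructed sample of iptables LOG lines (not from the thread). Syslog omits
# the year, so parse() assumes 2003, the year of this thread.
SAMPLE_LOG = [
    "May  6 13:07:24 gw kernel: IN=eth0 SRC=203.0.113.5 PROTO=TCP SPT=40001 DPT=7000 SYN",
    "May  6 13:07:25 gw kernel: IN=eth0 SRC=203.0.113.5 PROTO=TCP SPT=40002 DPT=8000 SYN",
    "May  6 13:07:26 gw kernel: IN=eth0 SRC=203.0.113.5 PROTO=TCP SPT=40003 DPT=9000 SYN",
    "May  6 13:07:30 gw kernel: IN=eth0 SRC=198.51.100.77 PROTO=TCP SPT=5555 DPT=7000 SYN",
    "May  6 13:07:31 gw kernel: IN=eth0 SRC=198.51.100.77 PROTO=TCP SPT=5556 DPT=9000 SYN",
    "May  6 13:07:32 gw kernel: IN=eth0 SRC=198.51.100.77 PROTO=TCP SPT=5557 DPT=8000 SYN",
    "May  6 13:09:00 gw kernel: IN=eth0 SRC=192.0.2.9 PROTO=TCP SPT=6000 DPT=7000 SYN",
    "May  6 13:09:01 gw kernel: IN=eth0 SRC=192.0.2.9 PROTO=TCP SPT=6001 DPT=8000 SYN",
    "May  6 13:10:30 gw kernel: IN=eth0 SRC=192.0.2.9 PROTO=TCP SPT=6002 DPT=9000 SYN",
]

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) .*SRC=(?P<src>[\d.]+) "
                     r".*DPT=(?P<dpt>\d+) .*SYN")

def parse(line):
    """Return (timestamp, source address, destination port) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime("2003 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def find_knock_sequences(lines, sequence, window_seconds):
    """Return (source, completion time) for every source that sent SYNs to the
    ports in `sequence`, in order, within `window_seconds` of its first knock.
    A wrong or late port resets that source, as a knock daemon would.
    Lines are assumed to be in chronological order."""
    progress = {}  # src -> (index of next expected port, time of first knock)
    hits = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, src, port = parsed
        idx, start = progress.get(src, (0, ts))
        if idx and (ts - start).total_seconds() > window_seconds:
            idx, start = 0, ts  # too slow: the partial sequence expires
        if port == sequence[idx]:
            idx, start = idx + 1, (ts if idx == 0 else start)
        else:  # wrong port: reset, but the first port may restart the sequence
            idx, start = (1 if port == sequence[0] else 0), ts
        if idx == len(sequence):
            hits.append((src, ts))
            idx = 0
        progress[src] = (idx, start)
    return hits
```

Of the three sources in the sample, only 203.0.113.5 completes 7000, 8000, 9000 inside a 10-second window; 198.51.100.77 knocks out of order and 192.0.2.9 takes 90 seconds, so neither is reported.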