Re: idea for improving security

[Hans Spaans <debian-security@lists.hansspaans.nl>]

On Wed, May 07, 2003 at 01:14:04AM +0200, Tim van Erven wrote:
> On Tue, 06/05/2003 13:07 -0500, Mark Edgington wrote:
> > incorporate functionality into inetd/xinetd/rinetd which listens for a 
> > predefined sequence of connection attempts on certain ports.  Upon noticing 
> > the correct sequence (as specified somewhere in the config file), it opens 
> > up certain ports (i.e. SSH) for a specified amount of time or for the next 
> > connection attempt only.  The parameters which could be set in the config 
> > file would be:
> > 1) the "trigger" sequence (an ordered list of port numbers)
> > 2) the port(s) to make available upon receiving this trigger sequence
> > 3) whether the ports to be made available are available for a) the next n 
> > connections only, and/or b) the next n minutes
> > 3) how long to disable watching for the sequence after an invalid sequence 
> > has been detected.
> 
> You could also run a daemon that listens on some port for a password and
> opens up other ports if it receives the right one, to get the same
> effect, but much easier to implement.

How are you going to handle firewalls and stuff? This because you need
to accept traffic for those ports.

-- 
Hans