
Re: SSH Cracking Attempts



On Thu, Sep 30, 2004 at 12:15:45PM +0100, Jon Dowland wrote:
> On Wed, 29 Sep 2004 16:08:53 -0500, Jacob S <stormspotter@6texans.net> wrote:
> > On Wed, 29 Sep 2004 21:55:59 +0200
> > Matthijs <vanaalten@hotmail.com> wrote:
> > 
> > > In the Dutch computer magazine C't, I read an article a few months ago
> > > about protecting your computer using a port knocking system. If I
> > > remember correctly, you can close a port (your SSH port, for example)
> > > and only open it when a pre-defined pattern of access attempts on a
> > > pre-defined port (unused for applications) is applied. The SSH port
> > > can then be set to open in your firewall, perhaps only for the
> > > IP address that performed the knocking sequence.
> > 
> > hmm... You're right, it's not what I'm looking for, but it still sounds
> > like a good concept. I'd be interested in learning more about that, if
> > not for this use with ssh, I have a couple other applications it could
> > work with on servers.
> 
> Quick pro-cons: pro: if a remote root exploit for ssh is found, you
> aren't vulnerable unless the attacker knows your port-knocking code.
> pro-ish: a portscan doesn't show an ssh service running (which you
> might like). cons: you need to have software which supports port
> knocking to open up the port, which you may not have to hand in say
> e.g. a friend's house, an internet cafe.

Hi Jon, most PCs have 'ping'. Can you make a port knock with this?
-Kev

> con: depending on
> implementation, you might be vulnerable to exploits in the
> port-knocking daemon (so a tradeoff with the first pro).
> 
> 
> -- 
> Jon Dowland
> dowland@gmail.com
> 
> 

-- 

        (__)
        (oo)
  /------\/
 / |    ||
*  /\---/\
   ~~   ~~
...."Have you mooed today?"...

Attachment: signature.asc
Description: Digital signature
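
The knock-sequence check described in the quoted messages above, as an added example that is not part of the original thread or of any particular port-knocking daemon: a per-source tracker that only marks an address as allowed after it hits the configured closed ports in order and within a time window. The port sequence, window, class and function names, and the sample events (documentation addresses) are all constructed assumptions.

```python
# Added example: sequence, window, names and events are constructed assumptions.
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical closed ports, in required order
WINDOW_SECONDS = 10                  # the whole sequence must complete in this time


@dataclass
class KnockTracker:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = WINDOW_SECONDS
    progress: dict = field(default_factory=dict)  # src_ip -> (next index, start time)
    allowed: set = field(default_factory=set)     # src_ips that may reach SSH

    def observe(self, ts, src_ip, dst_port):
        """Feed one dropped-packet event; True when src_ip completes the knock."""
        idx, started = self.progress.get(src_ip, (0, ts))
        if ts - started > self.window:
            idx, started = 0, ts                  # too slow: start over
        if dst_port == self.sequence[idx]:
            idx += 1
        elif dst_port == self.sequence[0]:
            idx, started = 1, ts                  # treat as a fresh first knock
        else:
            idx = 0                               # any other port resets progress
        if idx == len(self.sequence):
            self.progress.pop(src_ip, None)
            self.allowed.add(src_ip)              # a daemon would open SSH for this IP only
            return True
        if idx == 0:
            self.progress.pop(src_ip, None)
        else:
            self.progress[src_ip] = (idx, started)
        return False


def run(events):
    """Replay (timestamp, src_ip, dst_port) events; return the allowed addresses."""
    tracker = KnockTracker()
    for ts, src, port in events:
        tracker.observe(ts, src, port)
    return tracker.allowed


# Constructed events: a correct knock, a sequential scan, and a knock that is too slow.
EVENTS = [
    (0.0, "192.0.2.10", 7000), (0.5, "192.0.2.10", 8000), (1.0, "192.0.2.10", 9000),
    *[(2.0 + i * 0.01, "198.51.100.7", p) for i, p in enumerate(range(6990, 9010))],
    (30.0, "203.0.113.5", 7000), (31.0, "203.0.113.5", 8000), (45.0, "203.0.113.5", 9000),
]
```

The sequential scan touches every knock port but never in an unbroken run, so it resets itself; the tracker is also extra listening code, which is the tradeoff raised in the last "con" of the quoted message.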

