
Re: [solved]: web alternative to knockd for a "secure" sshd server?



On Sat, Apr 21, 2007 at 07:43:23AM +0300, Nick Demou wrote:
> On 4/21/07, Jeff D <fixedored@gmail.com> wrote:
> >On Fri, 20 Apr 2007, Nick Demou wrote:
> >[...]
> >>
> >> Any other idea of simple measures that will keep as many attackers
> >> away from the one and only service that is listening to the Internet?
> >> [...]
> >
> >I'm not sure if this fits what you are looking for or not:
> >http://www.cipherdyne.org/fwknop/
> >
> >This does single packet authentication, you send a specially crafted packet
> >to the server, through a client app though, and it opens up the firewall
> >for you for a specified amount of time and closes it back up after you
> >are done.
> 
> Thanks, it's what I was looking for. Although it does have the
> drawback of requiring a special client to knock the server as you
> noted. This, however, is the side effect of making the implementation
> much more robust and not relying on security by obscurity. To be
> honest I prefer the convenience of connecting without a special client
> but I already thought of an easy way to make fwknop ... less secure
> (always easier than the opposite :)

Despite being security-through-obscurity, it *is* possible to run https
and ssh on the same port, via a proxy:
    http://sourceforge.net/projects/ssh-ssl-proxy/
It is not designed for what you have in mind - but at least casual
scanners could well see an https server instead of SSH...

Disclaimer: yes: I wrote it. This is blatant advertising. Hope it's useful
-- 
Karl E. Jorgensen
karl@jorgensen.org.uk  http://www.jorgensen.org.uk/
karl@jorgensen.com     http://karl.jorgensen.com
==== Today's fortune:
Just when you thought you were winning the rat race, along comes a faster rat!!
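
The single packet idea described in the quoted text above (one authenticated packet opens the firewall for a limited time), as an added Python example that is not part of this thread and is not fwknop's code or wire format. The packet layout, the names `build_packet` and `SpaGate`, and the timing constants are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32        # HMAC-SHA256 tag length
MAX_SKEW = 30       # seconds a packet stays valid (constructed value)
OPEN_SECONDS = 60   # lifetime of the firewall allow rule (constructed value)


def build_packet(key, nonce, timestamp, client_ip):
    """Client side. Assumed layout: nonce(16) | timestamp(8) | ip | tag(32)."""
    body = nonce + struct.pack(">Q", timestamp) + client_ip.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SpaGate:
    """Server side: decides which source addresses may reach sshd."""

    def __init__(self, key):
        self.key = key
        self.seen = {}      # nonce -> timestamp, for replay detection
        self.allowed = {}   # source IP -> time at which the rule expires

    def handle(self, packet, src_ip, now):
        if len(packet) < 16 + 8 + 1 + MAC_LEN:
            return "malformed"
        body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"            # sender does not hold the shared key
        nonce, (ts,) = body[:16], struct.unpack(">Q", body[16:24])
        if body[24:].decode(errors="replace") != src_ip:
            return "ip-mismatch"        # packet was made for another address
        if abs(now - ts) > MAX_SKEW:
            return "stale"              # a capture replayed later is rejected
        if nonce in self.seen:
            return "replay"             # a capture replayed at once is too
        # Entries older than the freshness window can no longer be replayed.
        self.seen = {n: t for n, t in self.seen.items() if now <= t + MAX_SKEW}
        self.seen[nonce] = ts
        self.allowed[src_ip] = now + OPEN_SECONDS
        return "opened"

    def is_allowed(self, src_ip, now):
        """True while the time-limited allow rule for src_ip is in force."""
        return now < self.allowed.get(src_ip, 0)
```

Unlike a port-knock sequence, a packet captured on the wire cannot be reused here: it fails the nonce check inside the freshness window and the timestamp check after it.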
