Package: wnpp
Severity: wishlist

* Package name    : doorman
  Version         : 0.8
  Upstream Author : <[EMAIL PROTECTED]>
* URL             : http://doorman.sourceforge.net/
* License         : GPL
  Description     : Port knocking daemon for SSH and other servers

(Include the long description here.)

How doorman differs from knockd (a Debian package)

This particular implementation deviates a bit from his original proposal, in that the doorman watches for only a single UDP packet. To get the doorman to open up, the packet must contain an MD5 hash which correctly hashes a shared secret, salted with a 32-bit random number, the identifying user or group-name, and the requested service port-number.

Download

http://sourceforge.net/project/showfiles.php?group_id=92394&release_id=257407

Further reading

Port Knocking, by Martin Krzywinski, Sun, 2003-06-15 23:00.
http://www.linuxjournal.com/article.php?sid=6811&mode=thread&order=0
http://www.portknocking.org/

Description

The doorman is intended to run on systems which have their firewall rules turned down tightly enough as to be effectively invisible to the outside world. The doorman adds and removes extra rules in a carefully controlled manner.

The doorman daemon "guards the door" of a host, admitting only recognized parties. It allows a server which is not intended for general public access to run with all of its TCP ports closed to the outside world. A matching "knocker" is provided, with which to persuade the doorman to open the door a crack, just wide enough for a single TCP connection from a single IP address.

And now, switching to metaphor 2... :)

A private server thus rigged for silent running has greatly enhanced security. Port scans cannot reveal its existence. Even if its existence is known by other means (or the firewall isn't all that tight), possible bugs in server code cannot be exploited; packets from unknown sources simply never get to the bug.

The current implementation of the doorman, "doormand", is suitable for protecting only TCP services on Unix-type systems. The door-knocker, "knock", can be run under Unix, GNU/Linux, or Microsoft Windows.
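The single-packet check described above, as an added example that is not part of this bug report or of doorman's own code: the page names the four hashed components (shared secret, 32-bit random salt, user/group name, requested port) but not the wire layout, so the "salt:name:port:digest" payload, the concatenation order and the per-name port allow-list are assumptions; the replay guard on spent salts is the check a daemon of this kind needs so a captured knock cannot be reused.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Set, Tuple

# Constructed secret; in doorman the shared secret lives in the daemon's
# and knocker's configuration (assumed, not a value from the package).
SECRET = b"constructed-shared-secret"

def knock_digest(secret: bytes, salt: int, name: str, port: int) -> str:
    # MD5 over the four components the description lists. The concatenation
    # order and encodings are an assumption, not doorman's real wire format.
    msg = secret + struct.pack("!I", salt) + name.encode() + struct.pack("!H", port)
    return hashlib.md5(msg).hexdigest()

def build_knock(secret: bytes, name: str, port: int, salt: Optional[int] = None) -> bytes:
    # Knocker side: one UDP payload. Layout "salt:name:port:digest" is assumed.
    if salt is None:
        salt = struct.unpack("!I", os.urandom(4))[0]  # fresh 32-bit random salt
    return f"{salt}:{name}:{port}:{knock_digest(secret, salt, name, port)}".encode()

class Doorman:
    """Daemon side: accept a knock only if the digest verifies, the name may
    request that port, and the (name, salt) pair has not been used before."""

    def __init__(self, secrets: Dict[str, bytes], allowed: Dict[str, Set[int]]):
        self.secrets = secrets            # user/group name -> shared secret
        self.allowed = allowed            # user/group name -> permitted ports
        self.seen: Set[Tuple[str, int]] = set()  # replay guard for accepted salts

    def check(self, payload: bytes) -> Optional[Tuple[str, int]]:
        try:
            salt_s, name, port_s, digest = payload.decode().split(":")
            salt, port = int(salt_s), int(port_s)
        except ValueError:
            return None                   # malformed packet: stay silent
        if not (0 <= salt <= 0xFFFFFFFF and 0 < port < 65536):
            return None
        if name not in self.secrets or port not in self.allowed.get(name, set()):
            return None
        expected = knock_digest(self.secrets[name], salt, name, port)
        if not hmac.compare_digest(expected, digest):
            return None                   # wrong secret or tampered fields
        if (name, salt) in self.seen:
            return None                   # replayed knock: the salt was already spent
        self.seen.add((name, salt))
        return (name, port)               # caller would now add the firewall rule
```

A rejected packet returns None with no reply, matching the "invisible host" goal; an accepted one returns the (name, port) pair the caller would use to open the single-connection rule.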
The doorman is based on an original idea of Martin Krzywinski, who proposed watching firewall logs for a sequence of packets directed to closed ports, which method he described in Sysadmin magazine and linuxjournal.com. You might also visit his pages at www.portknocking.org.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)