A couple lines of thought collided today during a conversation with a
friend who is also an fwknop user. Sending a knock over http is a clever
feature, and the hidden service idea is really cool. For example, I have a
web server that also has a cacti service in order to monitor that service.
However, I don't really want to log into cacti over http, as it would send
my username and password in the clear.
An https request sends an encrypted url request. Pcap cannot sniff this
encrypted url. While doing some work on the http support in the Android
client, I observed that an http request (or an https request) will write
the requested url to the Apache access_log file.
So, what if instead of using pcap to sniff incoming connections, we added
an option to watch an Apache access_log for an http or https request that
contained a valid SPA string?
The use case would be a hidden service that is accessed entirely over the
encrypted ssl channel. To anyone watching, all the traffic would look like
https access to the public web site, but we could send an SPA packet and
access a hidden service all using ssl over port 443.
--Jonathan
_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
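
A sketch of the log-watching idea proposed in the message above, as an added example that is not part of the original post or of fwknop's code: it picks candidate SPA payloads out of Apache access_log lines and drops repeated payloads. The URL layout (payload as the whole path, in URL-safe base64), the length bounds and the sample log lines are assumptions made for this example.

```python
import hashlib
import re

# Apache common/combined log format: peer IP, ident, user, [time], "METHOD URL PROTO", ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) HTTP/[0-9.]+" ')
# Assumption: the SPA payload is the entire URL path, in URL-safe base64,
# between 100 and 1500 characters long (bounds chosen for this example).
PAYLOAD_RE = re.compile(r'^/([A-Za-z0-9_-]{100,1500}={0,2})$')


def extract_candidate(line):
    """Return (source_ip, base64_payload) if the line could carry SPA data, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src_ip, url = m.groups()
    p = PAYLOAD_RE.match(url)
    if not p:
        return None
    # Undo the URL-safe substitution so the payload is standard base64 again.
    return src_ip, p.group(1).replace("-", "+").replace("_", "/")


def scan(lines, seen_digests):
    """Return new candidates, dropping any payload already seen (replay)."""
    fresh = []
    for line in lines:
        cand = extract_candidate(line)
        if cand is None:
            continue
        digest = hashlib.sha256(cand[1].encode()).hexdigest()
        if digest in seen_digests:
            continue  # same payload logged twice: treat as a replay
        seen_digests.add(digest)
        fresh.append(cand)
    return fresh


# Constructed sample data (not real SPA packets or real log entries).
FAKE_SPA = "8Rk3-Zq_" * 20
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Oct/2014:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '203.0.113.7 - - [10/Oct/2014:13:55:40 +0000] "GET /%s HTTP/1.1" 404 209' % FAKE_SPA,
    '203.0.113.9 - - [10/Oct/2014:13:56:02 +0000] "GET /%s HTTP/1.1" 404 209' % FAKE_SPA,
    '198.51.100.4 - - [10/Oct/2014:13:56:10 +0000] "GET /cacti/ HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for ip, payload in scan(SAMPLE_LOG, set()):
        print(ip, payload[:16] + "...")
```

This only filters: every candidate still has to pass the SPA daemon's own decryption and authentication before any access is granted. Because the access_log keeps each payload on disk, the replay check matters more here than it does for sniffed packets.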