On Sun, Oct 22, 2006 at 03:55:39AM -0700, Kian Mohageri wrote:
> On 10/22/06, Steffen Wendzel <[EMAIL PROTECTED]> wrote:
> >
> > You normally have different open ports
>
> pf(4) makes this a minor issue.  No offense, but what you have there (in the
> example specifically) is no better than a "limited" (if you consider ability
> to reboot or kill ssh "limited") version of rexec/rsh.  The way you
> authenticate is obscured a bit, but not secured.
> 
> A neat project, I'll give you that.  But I don't recommend it on a
> production server.
> 
> -- 
> Kian Mohageri

Not to mention anyone on your network can sniff the "key", replay
attacks, oh and running a daemon that is able to listen on all ports
that is not from OpenBSD base...

Authpf would allow you to open connections only to people who can
authenticate, which cannot be easily sniffed and replayed such as with
"port knocking".
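
A minimal authpf(8) setup of the kind the reply above recommends, as an added example that is not part of the original thread. The interface name `em0` and the protected port `8080` are assumptions.

```conf
# --- /etc/pf.conf ---
ext_if = "em0"                        # assumed external interface

table <authpf_users> persist          # authpf adds the IP of each logged-in user

block in on $ext_if                   # default deny inbound
# sshd is the only service reachable before authentication
pass in on $ext_if proto tcp to ($ext_if) port 22
# per-session rules are loaded under this anchor by authpf
anchor "authpf/*"

# --- /etc/authpf/authpf.rules ---
# Loaded when a user whose login shell is /usr/sbin/authpf authenticates
# over ssh, and removed again when that ssh session ends.
# $user_ip is set by authpf to the source address of the session.
# Macros from pf.conf are not visible here, so ext_if is defined again.
ext_if = "em0"
pass in quick on $ext_if proto tcp from $user_ip to ($ext_if) port 8080   # assumed service port

# --- /etc/authpf/authpf.conf ---
# Must exist for authpf to run; an empty file selects the defaults.
```

The rule that opens the port exists only while an authenticated, encrypted ssh session is up, so a captured packet sequence gives an observer nothing to replay.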
