On Sun, 22 Oct 2006 14:42:18 +0200 "Inigo T. A." <[EMAIL PROTECTED]> wrote:
: On Sun, 22-10-2006 at 12:40 +0200, Steffen Wendzel wrote:
: > On Sat, 21 Oct 2006 20:57:39 -0400 "Nick Guenther" <[EMAIL PROTECTED]> wrote:
:
: > :
: > : So this is like an insecure version of SSH?
: >
: > it has nothing to do with SSH. And of course it isn't very secure
: > BUT it adds security where normally no security is, that's the point.
: >
: > You normally have different open ports, but with this tool you can
: > open/close them on demand. This is at least a little bit more secure
: > than to have them open all the time.
:
: Why?
:
: If you have a security problem with a service, the only "more secure"
: action is to fix it, not to open it eventually.
:

this isn't correct. Every service had some security problems in the past.
Imagine that your service X is vulnerable (only since a few hours by a zero day
exploit or so) and someone tries to exploit it at 2:00 in the morning. but if
you run some port knocking service (and your attacker does not know the port
combination/secret key or even does not know about a running port knocking
system), he can not attack your service.

if you only need the service for administration, you could do such a "hiding"
of the service. you only would need to open the port by the portknocking
service a few minutes while you use it to do some administration.
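
The exposure-window argument in the message above, as an added example that is not part of the thread and not the code of the tool being discussed. It models a knock gate that lets a source reach the service only for a few minutes after the correct port combination; the port numbers, timeouts, addresses and the `KnockGate` name are all constructed for illustration.

```python
KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed secret port combination
SERVICE_PORT = 22                    # constructed: the hidden admin service
KNOCK_WINDOW = 10    # seconds allowed to complete the whole sequence
OPEN_TTL = 300       # seconds the service stays reachable after a valid knock


class KnockGate:
    """Per-source knock tracker: decides whether a packet reaches the service."""

    def __init__(self):
        self.progress = {}    # src -> (next expected index, time of first knock)
        self.open_until = {}  # src -> timestamp at which access expires

    def packet(self, src, dport, now):
        """Return True only if the packet is passed on to the service."""
        if dport == SERVICE_PORT:
            return now < self.open_until.get(src, 0)
        idx, started = self.progress.get(src, (0, now))
        if now - started > KNOCK_WINDOW:      # too slow: start over
            idx, started = 0, now
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
            if idx == len(KNOCK_SEQUENCE):    # sequence complete: open for src
                self.open_until[src] = now + OPEN_TTL
                self.progress.pop(src, None)
            else:
                self.progress[src] = (idx, started)
        elif dport == KNOCK_SEQUENCE[0]:      # wrong port, but a valid first knock
            self.progress[src] = (1, now)
        else:                                 # wrong port: reset progress
            self.progress.pop(src, None)
        return False                          # knock packets are always dropped


def replay(events):
    """Feed (time, src, dport) tuples through a fresh gate; return the verdicts."""
    gate = KnockGate()
    return [gate.packet(src, dport, t) for t, src, dport in events]


# Constructed traffic: 203.0.113.9 never knocks, 198.51.100.7 is the admin.
EVENTS = [
    (0, "203.0.113.9", 22),                                   # probe, no knock
    (100, "198.51.100.7", 7000), (101, "198.51.100.7", 8000),
    (102, "198.51.100.7", 9000),                              # knock completes
    (103, "198.51.100.7", 22),                                # admin gets in
    (104, "203.0.113.9", 22),                                 # still closed
    (403, "198.51.100.7", 22),                                # TTL expired
]

if __name__ == "__main__":
    print(replay(EVENTS))
```

A fixed port sequence like this one can be observed and replayed by anyone who sees the traffic, which is the gap the "secret key" variant mentioned in the message is meant to address.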