> For those unfamiliar with the technique, it is like
> knocking a certain pattern/code on a door to open it.

anyone unfamiliar with the technique hasn't read the archives whatsoever and thus is not going to garner favour from anyone here at all.

> Has anyone heard of anyone working on a portknocking daemon for
> OBSD/pf? There are a couple of basic setups over at
> www.portknocking.org but thought I would check here before attempting a
> port.

i would venture to guess, probably not. portknocking topic shows up in pf@ or misc@ once every three months it seems, and someone comes in all full of stars and hope, but the blinding majority of code-contributing members, as well as at least the regular majority of list members don't really seem to want anything to do with it... some people seem to think it's "cool" and "hip" and "stealthy" while others think it is "cumbersome", "increases liability", and is essentially energy better spent elsewhere.

> they have at portknocking.org and see what I can do for pf. I would
> imagine I will have to set up anchors in pf which I haven't done yet but
> am sure I will get my head around it. Any pointers would be
> appreciated! :)

anchors are cake. spend some time with authpf(8) and you can get to know anchors very quickly.

instead of motioning to start a discussion about something that will probably want to make people jump down your throat, perhaps just use LogLevel QUIET or FATAL for sshd? if you think that sshd is a "loose end" that needs to be tied up, why not just do something far simpler and clearer like set up isakmpd or whatever vpn setup you need and only let sshd listen on the internal iface or otherwise filter the rest out? far less crappy voodoo to break or set up wrong.

> I will also need to write a windows util to do the knocking for the
> contractors - can Perl run on a Windows machine or will I have to dust
> off my C compiler? :)

i think there are perl interpreters for windows.

jared

--
[ openbsd 3.6 GENERIC ( nov 4 ) // i386 ]