On Wed, Feb 17, 2010 at 07:51:03AM +0100, Per-Olov Sj?holm wrote:
On 17 feb 2010, at 02.07, Randal L. Schwartz wrote:
Paul == Paul de Weerd we...@weirdnet.nl writes:
Paul Jeez... As an asker, you don't really get to decide how or what other
Paul people answer, or if they even answer at
On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjvholm wrote:
:Answer correctly or don't answer at all.
It seems to me that people *did* answer correctly. But, their answer
was not what you wanted to hear.
The answer: don't use port knocking, use a randomized url.
On 17 feb 2010, at 12.38, Peter Hessler wrote:
On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjvholm wrote:
:Answer correctly or don't answer at all.
It seems to me that people *did* answer correctly. But, their answer
was not what you wanted to hear.
The answer: don't use port
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in use on a port that is fake I want
to dynamically add a PF rule for a
I will access non critical info but want at least a port knocker as security.
s/security/inappropriate self-touching/
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sj?holm wrote:
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjvholm wrote:
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in
On 16 feb 2010, at 10.40, Claudio Jeker wrote:
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjvholm wrote:
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports
from
certain IP:s.
I will access non critical info but want at least a port knocker as
Why not require a authentication token in the url?
On 16 Feb 2010 10:59, Per-Olov SjC6holm pe...@incedo.org wrote:
On 16 feb 2010, at 10.40, Claudio Jeker wrote:
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov...
How do you use authpf from a IPhone or similar...
The reason is to use and
Per-Olov SjC6holm wrote:
How do you use authpf from a IPhone or similar...
Probably Fugu or Cyberduck or, if you can get a shell, plain openssh, as
Fugu is a UI for the client.
http://rsug.itd.umich.edu/software/fugu/
http://cyberduck.ch/
/Lars
On 16 feb 2010, at 11.04, Floor Terra wrote:
Why not require a authentication token in the url?
On 16 Feb 2010 10:59, Per-Olov SjC6holm pe...@incedo.org wrote:
On 16 feb 2010, at 10.40, Claudio Jeker wrote:
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov...
How do you use authpf from a
Per-Olov Sjvholm pe...@incedo.org writes:
How do you use authpf from a IPhone or similar...
There are ssh clients for iphones, just look in the app store. The
one i ended up installing has gone up in price it seems to (shock,
horror) NOK 35 (about USD 6), but I see one at NOK 6 (about a
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers seamlessly
with ease of use for the users.
The reason for the post was just to see if there is already any tools for this
purpose, which is
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is a
dumb idea better spend your time reading on authpf(8).
--
:wq Claudio
How do you use authpf from a IPhone or similar...
The
On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is
a
dumb idea better spend your time reading on authpf(8).
--
:wq Claudio
How do you use
On 16 feb 2010, at 11.17, Peter N. M. Hansteen wrote:
Per-Olov Sjvholm pe...@incedo.org writes:
How do you use authpf from a IPhone or similar...
There are ssh clients for iphones, just look in the app store. The
one i ended up installing has gone up in price it seems to (shock,
horror)
On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sj?holm wrote:
On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is a
dumb idea better spend
On 16 feb 2010, at 11.44, Lars Nooden wrote:
Per-Olov Sjvholm wrote:
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers
seamlessly with ease of use for the users.
You appear to have
Per-Olov Sjvholm wrote:
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers
seamlessly with ease of use for the users.
You appear to have asked about clients for the iphone, not all
On 16 feb 2010, at 11.35, Bret S. Lambert wrote:
On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sj?holm wrote:
On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
There is a way to do port knocking in pf without any external help.
Maybe
you can figure it out. I will not give more hints
On 2010-02-16, Per-Olov Sj?holm pe...@incedo.org wrote:
The reason is to use and RSS reader that cannot autenticate. I want some sort
of security for it even though it's not critical.
https://some.host/super-sekrit-password-here/feed.rss gives more
security than trying to use a web browser
Hi again Lars...
And important addition below
On 16 feb 2010, at 11.44, Lars Nooden wrote:
Per-Olov Sjvholm wrote:
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers
seamlessly with
Just put your data on some funny port, then? Or give it a long and hard
to guess name, that might actually have sufficient entropy to be any
use.
A less-than-16-bit random port is rather easy to guess.
And, if you really want to do port blocking, read the pf man page. It is
possible with a rule
On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sj?holm wrote:
See my post to Peter H. You obviously have not worked with security
Why? Because I'm unwilling to endorse your preferred approach?
and the tradeoffs you _always_ have to make.
Yes, you make tradeoffs, but you're asking for
Per-Olov Sjvholm p...@incedo.org writes:
None said anything about a password.. From where did you get that? I don't
have a plain text password.
A port knocking sequence is for most purposes a password, encoded in a
16 bit alphabet. That's it - port numbers run from 0 through 64k,
although
Per-Olov Sjvholm wrote:
...Or did miss something here?
You missed quite a lot. I would recommend looking up the following
before aggravating a larger public:
client - server architecture
client application
server (daemon)
rss
ssh
http, https
On 16 feb 2010, at 12.06, Lars Nooden wrote:
Per-Olov Sjvholm wrote:
...Or did miss something here?
You missed quite a lot. I would recommend looking up the following
before aggravating a larger public:
client - server architecture
client application
server (daemon)
On 16 feb 2010, at 11.57, Stuart Henderson wrote:
On 2010-02-16, Per-Olov Sj?holm pe...@incedo.org wrote:
The reason is to use and RSS reader that cannot autenticate. I want some
sort
of security for it even though it's not critical.
https://some.host/super-sekrit-password-here/feed.rss
On 16 feb 2010, at 12.07, Bret S. Lambert wrote:
On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sj?holm wrote:
See my post to Peter H. You obviously have not worked with security
Why? Because I'm unwilling to endorse your preferred approach?
and the tradeoffs you _always_ have to make.
On Tue, Feb 16, 2010 at 12:27:44PM +0100, Per-Olov Sj?holm wrote:
On 16 feb 2010, at 12.07, Bret S. Lambert wrote:
On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sj?holm wrote:
See my post to Peter H. You obviously have not worked with security
Why? Because I'm unwilling to
On 16 feb 2010, at 12.06, Peter N. M. Hansteen wrote:
Per-Olov Sjvholm p...@incedo.org writes:
None said anything about a password.. From where did you get that? I don't
have a plain text password.
A port knocking sequence is for most purposes a password, encoded in a
16 bit alphabet.
Per-Olov Sjvholm p...@incedo.org writes:
we have to use something that works from all places. The content is
not a secret, but something you have to pay a little for. So... not
critical.
Being the lazy git that I am, I could imagine that simply generating a
sufficiently obfuscated set of
So if anybody can come up with a better approach I will be very happy.
You've already been told, by multiple people, that a better approach is
to use the things that are available to you via the rich possibilities
of HTTP to solve this problem.
Sometimes, you're the lone genius who is
On Tue, Feb 16, 2010 at 12:27 PM, Per-Olov SjC6holm p...@incedo.org wrote:
There is no authentication available in most RSS clients. If it was, i would
of course prefer or at least consider that. I am not that stupid you know.
https://example.com/feed.php?user=floortpasswd=SUPERSECRET
Every
2010/2/16 Per-Olov SjC6holm p...@incedo.org:
Hi misc
I am looking for a tool use as a trigger for dynamically open PF ports
from
certain IP:s.
I will access non critical info but want at least a port knocker as
security.
If I access an IP on my DMZ that is not in use on a port that is
On 16 feb 2010, at 17.17, Eugene Yunak wrote:
2010/2/16 Per-Olov Sjvholm p...@incedo.org:
Hi misc
I am looking for a tool use as a trigger for dynamically open PF ports
from
certain IP:s.
I will access non critical info but want at least a port knocker as
security.
If I access an IP on
On Wed, Feb 17, 2010 at 12:40:02AM +0100, Per-Olov Sj?holm wrote:
| Amazing that so many people in this forum cannot read and therefor answer to B
| when I ask for A.
It's amazing that you get so much free (and good, imo) advice and then
not only completely ignore it, but even go out of your way
Paul == Paul de Weerd we...@weirdnet.nl writes:
Paul Jeez... As an asker, you don't really get to decide how or what other
Paul people answer, or if they even answer at all.
As I snipped off a Usenet group once:
Get real! This is a discussion group, not a helpdesk. You post
something
On 17 feb 2010, at 02.07, Randal L. Schwartz wrote:
Paul == Paul de Weerd we...@weirdnet.nl writes:
Paul Jeez... As an asker, you don't really get to decide how or what other
Paul people answer, or if they even answer at all.
As I snipped off a Usenet group once:
Get real! This is a
39 matches
Mail list logo