we will never let that shit even remotely close to our tree. period.
* Johan Söderberg johan.s.u...@gmail.com [2011-03-04 15:00]:
In my mind this is not security by obscurity, no more than one-time
passwords.
The ports can be compared to the keys of a keyboard when typing a password.
As
Henning Brauer henning at openbsd.org writes:
we will never let that shit even remotely close to our tree. period.
we don't need you to tell us that as that shit already works. full stop.
2011/2/28, Karl O. Pinc:
If you want it to be secure you make the knock code a one-time-pad.
2011/3/1, me:
If I change the knock ports every time I log in, I should be fine, right?
Nah, still vulnerable to MITM.
Just intercept and stop the knocks from reaching, and replay them yourself.
But it
A quick google on 'pf port knocking' turned up the following that might be of
interest.
http://www.lazyscripter.com/2010/04/port-knocking-with-pf/
On Feb 28, 2011, at 10:17 AM, Johan Söderberg wrote:
A ridiculously simple idea.
Protect your port, say ssh, by adding a code to access it.
Ok,
Johan Söderberg johan.s.u...@gmail.com writes:
For a client to connect to a service, it needs to unlock the port with a code.
The code is made of predefined blocked ports, that makes pf trigger.
You have just described 'port knocking'. It's been discussed in PF
contexts before (I forget which
On Mon, February 28, 2011 10:17 am, Johan Söderberg wrote:
A ridiculously simple idea. Protect your port, say ssh, by adding a code
to access it. Ok, that's nothing new, but maybe how it's done.
For a client to connect to a service, it needs to unlock the port with a
code. The code is made of
spamassassinexception
Thank you so much for your input!
If I change the knock ports every time I log in, I should be fine, right?
Please comment on my ruleset, brain fart again?
knock1 = 1
knock2 = 2
open = 22
block drop in all
block drop quick on $extif inet proto tcp \
from any to
A ridiculously simple idea.
Protect your port, say ssh, by adding a code to access it.
Ok, that's nothing new, but maybe how it's done.
For a client to connect to a service, it needs to unlock the port with a code.
The code is made of predefined blocked ports, that makes pf trigger.
If the first
On 02/28/2011 09:17:25 AM, Johan Söderberg wrote:
A ridiculously simple idea.
Protect your port, say ssh, by adding a code to access it.
Ok, that's nothing new, but maybe how it's done.
For a client to connect to a service, it needs to unlock the port with
a code.
The code is made of