BLU Discuss list archive


Re: port knocking



 On Tue, 2008-08-12 at 11:59 -0400, Tom Metro wrote: 
> Anyone have a favorite tool they've used to implement port knocking or a 
> similar stealth access scheme? (I have a few tools bookmarked, but would 
> like to hear of first hand experiences.) 

I've never used port knocking, but I've heard knockd is pretty good. 

Also, remember that knocking is roughly equivalent to sending passwords 
in cleartext with a little amount of steganography. Anybody sitting in the 
middle can read what ports you knock to get in, so you should probably 
have at least one other (stronger) authentication method in addition to 
knocking. Port knocking also doesn't perform reverse authentication, so 
you have no way to verify that the server you're connecting to is the 
server you think it is. 

If you're thinking of using port knocking to hide a locked down sshd, it 
can't make it less secure, but I wouldn't use it to hide telnet. 

-- 
David Eric Mandelberg / dseomn 
http://eth0.is-a-geek.org/
Tue Aug 12 12:21:43 EDT 2008 
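
The point made in the message above, that a knock sequence is a shared secret carried in cleartext packet headers, shown as an added example (not part of the original post and not knockd's code): a minimal knock validator run over constructed traffic. The sequence, time window, addresses and the `KnockValidator` name are assumptions made for illustration.

```python
# Added illustration, not knockd's code. Ports, window and addresses are constructed.
from dataclasses import dataclass, field

SEQUENCE = (7000, 8000, 9000)  # hypothetical knock sequence
WINDOW = 10.0                  # hypothetical seconds allowed to finish a sequence

@dataclass
class KnockValidator:
    sequence: tuple = SEQUENCE
    window: float = WINDOW
    progress: dict = field(default_factory=dict)  # src_ip -> (next index, start time)
    opened: set = field(default_factory=set)      # sources the firewall now admits

    def observe(self, ts, src_ip, dst_port):
        """Feed one connection attempt; True when src_ip completes the sequence."""
        idx, start = self.progress.get(src_ip, (0, ts))
        if idx == 0 or ts - start > self.window:
            idx, start = 0, ts                    # fresh attempt or expired window
        if dst_port == self.sequence[idx]:
            idx += 1
        else:                                     # wrong port: restart the sequence
            idx, start = (1 if dst_port == self.sequence[0] else 0), ts
        if idx == len(self.sequence):
            self.progress.pop(src_ip, None)
            self.opened.add(src_ip)
            return True
        self.progress[src_ip] = (idx, start)
        return False

def feed(validator, events):
    """Run (timestamp, source, port) events through the validator."""
    return any([validator.observe(*e) for e in events])

CLIENT, OBSERVER = "192.0.2.10", "198.51.100.77"  # documentation addresses
WIRE = [(0.0, CLIENT, 7000), (0.4, CLIENT, 8000), (0.9, CLIENT, 9000)]

def demo():
    v = KnockValidator()
    client_ok = feed(v, WIRE)
    # Destination ports travel in unencrypted headers, so anyone on the path
    # holds exactly the same "credential" the client just presented.
    seen = tuple(port for _, _, port in WIRE)
    observer_ok = feed(v, [(60.0 + i, OBSERVER, p) for i, p in enumerate(seen)])
    # The validator has no input that distinguishes the two sources.
    return client_ok, observer_ok, sorted(v.opened)

if __name__ == "__main__":
    print(demo())
```

Both sources end up in `opened`, which is why the service behind the knock still needs its own authentication.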