Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
Hello Tobias,
TS> That's a possibility I once saw on slashdot:
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3
TS> iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 30 \
TS> --name PART1 --name PART2 --name PART3 -j ACCEPT
It's the best :)
I'll add some protection from plain port scan.
iptables -A INPUT -p tcp --dport 999 -m recent --remove --name PART1
iptables -A INPUT -p tcp --dport 1001 -m recent --remove --name PART1
...
TS> There are numerous knock, knock implementations listed at:
TS> http://www.portknocking.org/view/implementations/implementations
I've found this page not long ago, most promising temprules. I'm currently experimenting with them.
TS> IMHO, the problem with "normal" port knocking tools is the dependency on
TS> client software. I would prefer a solution which can be used without
TS> (too much) hassle (eg. using telnet and then putty or such).
TS> This evidently is not be possible when using more sophisticated port
TS> knocking with timing or specially crafted / encrypted packages, unless
TS> you have a really good feel for timing.. ;-)
Same to me ;)
or even a web browser: http://somehost:123
--
Best regards,
boger mailto:boger@...
--
gentoo-security@g.o mailing list
|
|
