1 |
Hello Kirk, |
2 |
|
3 |
I'll appreciate it ;) |
4 |
|
5 |
Goggling gives a lot of links to libpcap based port knockers, but I dislike idea always running in promiscuous mode. Also "magic packet" is a sort of overkill for me, because I need access from random locations with different OS'es preferably without any additional tools. |
6 |
If computer is untrusted, after logon I can change knock sequence without leaving any keys behind. Even if password gets compromised is not so dangerous in this scenario. |
7 |
|
8 |
By iptables based I mean using ulog or ipq to forward packets to knock daemon, thus its undetectable from outside and can be very fast. |
9 |
|
10 |
About a year ago I tested 5 or 6 port knockers but I didn't find any |
11 |
suitable for me. Some had terrible cpu usage on my machine, |
12 |
some not enough flexible configuration. |
13 |
|
14 |
|
15 |
KH> Yes, there are. I use one for my work servers that is iptables based. |
16 |
KH> I don't have any links for you unfortunately but I have seen them. If |
17 |
KH> you are really interested I can probably track down one I saw that used |
18 |
KH> iptables and was a combination style. I also know of an open source |
19 |
KH> "magic packet" style that I could probably find a link for if you were |
20 |
KH> interested. |
21 |
|
22 |
-- |
23 |
Best regards, |
24 |
boger mailto:boger@×××.ru |
25 |
|
26 |
-- |
27 |
gentoo-security@g.o mailing list |