Gentoo Archives: gentoo-security

From: boger <boger@×××.ru>
To: Kirk Hoganson <gentoo-security@l.g.o>
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 18:49:48
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Kirk Hoganson
Hello Kirk,

I'll appreciate it ;) 

Goggling gives a lot of links to libpcap based port knockers, but I dislike idea always running in promiscuous mode. Also "magic packet" is a sort of overkill for me, because I need access from random locations with different OS'es preferably without any additional tools. 
If computer is untrusted, after logon I can change knock sequence without leaving any keys behind. Even if password gets compromised is not so dangerous in this scenario.

By iptables based I mean using ulog or ipq to forward packets to knock daemon, thus its undetectable from outside and can be very fast.

About a year ago I tested 5 or 6 port knockers but I didn't find any  
suitable for me. Some had terrible cpu usage on my machine, 
some not enough flexible configuration.

KH> Yes, there are.  I use one for my work servers that is iptables based.
KH> I don't have any links for you unfortunately but I have seen them.  If
KH> you are really interested I can probably track down one I saw that used
KH> iptables and was a combination style.  I also know of an open source
KH> "magic packet" style that I could probably find a link for if you were
KH> interested.

Best regards,
 boger                            mailto:boger@×××.ru

gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] [OT?] automatically firewalling off IPs Kirk Hoganson <kirk2@×××××××××.com>