[FoRK] Re: CRYPTO-GRAM, March 15, 2004
Rohit at ICS.uci.edu
Tue Mar 16 11:05:44 PST 2004
Just wanted to add this one for the archives -- très cool!
On Mar 14, 2004, at 11:14 PM, Bruce Schneier wrote:
> Port knocking is a clever new computer security trick. It's a way to
> configure a system so that only systems that know the "secret knock"
> can access a certain port. For example, you could build a
> port-knocking defensive system that would not accept any SSH
> connections (port 22) unless it detected connection attempts to closed
> ports 1026, 1027, 1029, 1034, 1026, 1044, and 1035 in that sequence
> within five seconds, then listened on port 22 for a connection within
> ten seconds. Otherwise, the system would completely ignore port 22.
> It's a clever idea, and one that could easily be built into VPN
> systems and the like. Network administrators could create unique
> knocks for their networks -- family keys, really -- and only give them
> to authorized users. It's no substitute for good access control, but
> it's a nice addition. And it's an addition that's invisible to those
> who don't know about it.
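To make the quoted description concrete, here is a simulation of that gate as a per-source state machine. This is an added example written for this archive page, not code from Crypto-Gram, from Schneier, or from any port-knocking project. It assumes the firewall hands the gate one event per connection attempt as (time in seconds, source address, destination port), that the knock ports are otherwise closed, and that knocks are tracked per source address; the traffic traces inside run_scenarios() are constructed. A real daemon would read the events from a packet capture or firewall log and call out to the firewall to open the port; here everything is in-process so it runs offline.

```python
"""Port-knocking gate as Schneier describes it: the knock sequence must arrive
in order within 5 s, then port 22 accepts a connection for 10 s, otherwise the
port is silently ignored.  Added example; not Crypto-Gram or FoRK code.
Assumption: the firewall delivers (time, src, dst_port) per connection attempt."""
from dataclasses import dataclass
from typing import Optional

# Sequence and windows exactly as in the quoted paragraph (1026 appears twice).
KNOCK_SEQUENCE = (1026, 1027, 1029, 1034, 1026, 1044, 1035)
KNOCK_WINDOW = 5.0      # whole sequence must arrive within 5 s of the first knock
OPEN_WINDOW = 10.0      # then port 22 accepts one connection within 10 s
PROTECTED_PORT = 22


@dataclass
class KnockState:
    index: int = 0                          # next expected position in the sequence
    first_knock_at: Optional[float] = None
    open_until: Optional[float] = None


class PortKnockGate:
    def __init__(self, sequence=KNOCK_SEQUENCE, knock_window=KNOCK_WINDOW,
                 open_window=OPEN_WINDOW, protected_port=PROTECTED_PORT):
        self.sequence = sequence
        self.knock_window = knock_window
        self.open_window = open_window
        self.protected_port = protected_port
        self.states: dict[str, KnockState] = {}   # keyed by source address (assumption)

    @staticmethod
    def _reset(st: KnockState) -> None:
        st.index, st.first_knock_at = 0, None

    def observe(self, t: float, src: str, port: int) -> str:
        """Feed one connection attempt; return "ACCEPT" or "DROP".
        Knocks on closed ports are always dropped (the client learns nothing);
        port 22 is dropped too unless this source completed the knock in time."""
        st = self.states.setdefault(src, KnockState())

        if port == self.protected_port:
            if st.open_until is not None and t <= st.open_until:
                st.open_until = None          # one connection per completed knock
                return "ACCEPT"
            return "DROP"                     # otherwise port 22 is invisible

        # Knock on a closed port.  Too slow since the first knock: start over.
        if st.first_knock_at is not None and t - st.first_knock_at > self.knock_window:
            self._reset(st)

        if port == self.sequence[st.index]:
            if st.index == 0:
                st.first_knock_at = t
            st.index += 1
            if st.index == len(self.sequence):    # full sequence, in order, in time
                st.open_until = t + self.open_window
                self._reset(st)
        else:
            # A wrong port breaks the sequence, but may itself be a fresh first knock.
            self._reset(st)
            if port == self.sequence[0]:
                st.index, st.first_knock_at = 1, t
        return "DROP"


def run_scenarios() -> dict:
    """Constructed traffic traces; returns the verdict on each trace's port-22 attempt."""
    def feed(events):
        gate = PortKnockGate()
        verdict = None
        for t, src, port in events:
            verdict = gate.observe(t, src, port)
        return verdict

    results = {}
    knock = [(0.2 * i, "10.0.0.5", p) for i, p in enumerate(KNOCK_SEQUENCE)]   # 0.0 .. 1.2 s
    results["valid_knock"] = feed(knock + [(3.0, "10.0.0.5", 22)])
    results["no_knock"] = feed([(0.0, "10.0.0.9", 22)])
    # Same sequence spread over 6 s: exceeds the 5 s window, so the gate never opens.
    slow = [(1.0 * i, "10.0.0.5", p) for i, p in enumerate(KNOCK_SEQUENCE)]    # 0 .. 6 s
    results["too_slow"] = feed(slow + [(7.0, "10.0.0.5", 22)])
    # Correct knock, but the SSH connection arrives 11 s later: open window has closed.
    results["late_connect"] = feed(knock + [(1.2 + 11.0, "10.0.0.5", 22)])
    # A sequential port scan hits 1026 then 1027, but 1028 breaks the sequence.
    sweep = [(0.01 * i, "198.51.100.7", p) for i, p in enumerate(range(1024, 1051))]
    results["port_scan"] = feed(sweep + [(1.0, "198.51.100.7", 22)])
    # Caveat: a static knock is a shared secret; anyone who captured it can replay it.
    replayed = [(t + 60.0, "203.0.113.4", p) for t, _, p in knock]
    results["replayed_knock"] = feed(replayed + [(62.0, "203.0.113.4", 22)])
    return results
```

The port_scan trace shows why the sequence in the quote is not monotonic: a linear sweep stumbles onto 1026 and 1027 but is broken by 1028, so a scanner sees nothing and learns nothing. The replayed_knock trace is the caveat behind "no substitute for good access control": the knock is a fixed family key carried in cleartext packet headers, so a passive observer on the path can replay it from any address, and the gate cannot tell the difference.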