[FoRK] Re: CRYPTO-GRAM, March 15, 2004

Rohit Khare Rohit at ICS.uci.edu
Tue Mar 16 11:05:44 PST 2004


Just wanted to add this one for the archives -- tres cool!

Rohit

On Mar 14, 2004, at 11:14 PM, Bruce Schneier wrote:

> Port knocking is a clever new computer security trick.  It's a way to 
> configure a system so that only systems who know the "secret knock" 
> can access a certain port.  For example, you could build a 
> port-knocking defensive system that would not accept any SSH 
> connections (port 22) unless it detected connection attempts to closed 
> ports 1026, 1027, 1029, 1034, 1026, 1044, and 1035 in that sequence 
> within five seconds, then listened on port 22 for a connection within 
> ten seconds.  Otherwise, the system would completely ignore port 22.
>
> It's a clever idea, and one that could easily be built into VPN 
> systems and the like.  Network administrators could create unique 
> knocks for their networks -- family keys, really -- and only give them 
> to authorized users.  It's no substitute for good access control, but 
> it's a nice addition.  And it's an addition that's invisible to those 
> who don't know about it.
>
>
> <http://www.linuxjournal.com/article.php?sid=6811>
> <http://www.portknocking.org/>
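
The knock described in the quoted text, as an added example that is not part of the original post or of any port-knocking project: a per-source state machine, run over constructed connection events, that decides whether a port 22 attempt is accepted. The class and function names, the event format and the rule that one knock admits one connection are assumptions.

```python
KNOCK_SEQ = (1026, 1027, 1029, 1034, 1026, 1044, 1035)  # sequence from the quoted text
KNOCK_WINDOW = 5.0   # seconds allowed for the whole knock
OPEN_WINDOW = 10.0   # seconds port 22 stays reachable after a valid knock
PROTECTED_PORT = 22

class KnockTracker:
    def __init__(self):
        self.progress = {}    # src -> (index of next expected port, time of first knock)
        self.open_until = {}  # src -> time at which the port-22 window closes

    def observe(self, ts, src, port):
        """Feed one connection attempt; return 'accept', 'drop' or 'closed'."""
        if port == PROTECTED_PORT:
            # Assumption: one knock admits one connection, so the window is consumed.
            expiry = self.open_until.pop(src, None)
            return "accept" if expiry is not None and ts <= expiry else "drop"
        idx, start = self.progress.get(src, (0, ts))
        if idx and ts - start > KNOCK_WINDOW:
            idx, start = 0, ts              # too slow: forget the partial knock
        if port == KNOCK_SEQ[idx]:
            idx += 1
        elif port == KNOCK_SEQ[0]:
            idx, start = 1, ts              # wrong port, but it can begin a new knock
        else:
            idx = 0
        if idx == len(KNOCK_SEQ):
            self.open_until[src] = ts + OPEN_WINDOW
            idx = 0
        if idx:
            self.progress[src] = (idx, start)
        else:
            self.progress.pop(src, None)
        return "closed"                     # the knock ports themselves never answer

def replay(events):
    """Return [(src, decision)] for every port-22 attempt in a list of events."""
    tracker = KnockTracker()
    return [(src, d) for ts, src, port in sorted(events)
            if (d := tracker.observe(ts, src, port)) != "closed"]

def knock(src, t0, step):
    """Constructed sample data: the full sequence from src, one port every `step` s."""
    return [(t0 + i * step, src, p) for i, p in enumerate(KNOCK_SEQ)]

# Constructed events (timestamp, source, port); addresses are documentation ranges.
EVENTS = (knock("198.51.100.7", 0.0, 0.5) + [(8.0, "198.51.100.7", 22), (9.0, "198.51.100.7", 22)]
          + knock("203.0.113.9", 0.0, 1.2) + [(8.0, "203.0.113.9", 22)]
          + [(1.0, "192.0.2.44", 22)])
```

Because 1026 appears twice in the sequence, a wrong port that equals the first knock restarts the match instead of discarding it; `replay(EVENTS)` accepts only the source that finished the knock inside five seconds and connected inside ten.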


