[Cialug] RE: SSH ports Security Paper - Theron?

Theron Conrey theron.conrey at dice.com
Thu Jul 17 12:20:50 CDT 2008


So I'd read what it is, has anyone used/using it?

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Don Cady
Sent: Thursday, July 17, 2008 11:27 AM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] RE: SSH ports Security Paper - Theron?

Yes.
While not exactly the same, you can have multiple ports/doors, and the knock combination must be correct across those ports/doors. It primarily decreases the effectiveness of outside port scanning. While it can and should be used in combination with whitelists/blacklists, keys, etc., no other security advantages are implied.

Don

On Thu, Jul 17, 2008 at 9:00 AM, Colin Burnett <cmlburnett at gmail.com> wrote:
> Point being that you perform some sequence of port hits and it'd open,
> say, ssh?  Does it include a client that can execute a given sequence
> as a string or would you have to roll your own?
>
> It's like a secret knock at the door.
>
> Seems like the next step would be to take the concept of frequency
> hopping where the ssh listening port jumps port based on a predefined
> algorithm.
>
>
> Colin
>
> On Thu, Jul 17, 2008 at 8:47 AM, Theron Conrey <theron.conrey at dice.com> wrote:
>> I'll find the link today, however, has anyone used knockd? And with
>> what OS install?  How was the install/configuration?
>> (http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki)
>>
>> -Theron
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
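The knock-sequence check described in this thread, as an added example that is not part of the original messages and is not knockd's own code: a simplified per-source tracker showing why a sequential port scan does not open the door. The port numbers, the timeout, and the names KnockTracker and replay are assumptions made for illustration.

```python
# Added illustration: per-source knock-sequence tracking (not knockd's code).
from dataclasses import dataclass

SEQUENCE = (7000, 8000, 9000)   # assumed knock ports, in required order
SEQ_TIMEOUT = 10.0              # assumed: seconds allowed for the whole sequence

@dataclass
class Progress:
    index: int      # how many knocks of the sequence have matched so far
    started: float  # timestamp of the first matching knock

class KnockTracker:
    def __init__(self, sequence=SEQUENCE, timeout=SEQ_TIMEOUT):
        self.sequence, self.timeout = tuple(sequence), timeout
        self.state = {}  # source IP -> Progress

    def knock(self, src, port, ts):
        """Feed one observed connection attempt; True when the door opens."""
        p = self.state.get(src)
        if p and ts - p.started > self.timeout:
            p = None                          # too slow: start over
        expected = self.sequence[p.index] if p else self.sequence[0]
        if port != expected:
            p = None                          # wrong port resets progress
            if port != self.sequence[0]:
                self.state.pop(src, None)
                return False
        p = Progress(p.index + 1, p.started) if p else Progress(1, ts)
        if p.index == len(self.sequence):
            self.state.pop(src, None)
            return True                       # caller would now let src reach ssh
        self.state[src] = p
        return False

def replay(events, tracker=None):
    """Return the source IPs that completed the sequence, in order."""
    tracker = tracker or KnockTracker()
    return [src for ts, src, port in events if tracker.knock(src, port, ts)]

# Constructed sample events: (timestamp, source IP, destination port).
SAMPLE = [
    (0.0, "192.0.2.10", 7000), (1.0, "192.0.2.10", 8000), (2.0, "192.0.2.10", 9000),
    # Sequential scan of ports 6998-9002: hits every knock port, but not back to back.
    *[(5.0 + i * 0.01, "198.51.100.7", 6998 + i) for i in range(2005)],
    # Correct order, but the second knock arrives after the timeout.
    (30.0, "203.0.113.5", 7000), (45.0, "203.0.113.5", 8000), (46.0, "203.0.113.5", 9000),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Only the first source completes the sequence; the scanner and the slow client are both reset before reaching the last port.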