"Port Knocking" For Added Security
Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds.
The web site explains it in some detail, and there is even an experimental perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it.
Another article on port knocking is here."
That is a very old method i developed with my friends. We would only open the door after a "secret" knock sequence. We had seen this on TV and thought this would be cool. We jeopardized the security regularly when we said "wrong knock" after someone else knocked. Usually parents. Then they would say "open up". And we had to comply.
Is the site slashdotted...
...or do I have to knock my way in?
I demand the Cone of Silence!
This reminds me of a cgi driven website I visited a loooong time ago (1996?)
I was creating a user account, and was using the password "beelzebub". However, the system refused to let me create the account. It displayed a page which stated "That password is invalid: It is being used by another user. Please select a unique password."
Apparently, some genius thought it was good security to ensure that no two users had the same password. I hope you can see the intrinsic flaw in this :-)