Slashdot Mirror


Knock Safely With portknocking_v1.0

mrdeathgod writes "The Port Knocking project at SourceForge has just released portknocking_v1.0. Based on my undergrad thesis, this client/server package does not use pre-defined knock sequences, but rather utilizes Blowfish in order to encrypt the client data into a sequence of port numbers. This enables a client with the proper password to remotely manipulate firewall rules without fear of replay attacks. While currently designed for FreeBSD+ipfilter, expanded portability is in the works."
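Added example, not the project's code: a sketch of the scheme the submission describes, with an HMAC-SHA256 keystream standing in for Blowfish (the Python standard library has no Blowfish), one payload byte per knock on the constructed port range 1024-1279, constructed action codes, and a per-client counter checked by the server so that a captured knock sequence is rejected when replayed.

```python
import hashlib
import hmac
import os
import struct
from typing import List, Optional

PORT_BASE = 1024                  # constructed: payload byte b is sent as a knock on port 1024+b
NONCE_LEN, PAYLOAD_LEN, TAG_LEN = 8, 5, 8
ACTION_OPEN, ACTION_CLOSE = 1, 2  # constructed action codes carried inside the knock


def derive_key(password: bytes) -> bytes:
    # Assumption: a fixed, constructed salt; a real deployment would choose its own.
    return hashlib.pbkdf2_hmac("sha256", password, b"portknock-example-salt", 100_000)


def encode_knock(key: bytes, counter: int, action: int, nonce: bytes = b"") -> List[int]:
    """Client side: turn (counter, action) into the sequence of ports to knock on."""
    nonce = nonce or os.urandom(NONCE_LEN)
    plain = struct.pack(">IB", counter, action)
    # Keystream XOR stands in for the Blowfish encryption named on the page.
    stream = hmac.new(key, b"stream" + nonce, hashlib.sha256).digest()[:PAYLOAD_LEN]
    cipher = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(key, b"tag" + nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    return [PORT_BASE + b for b in nonce + cipher + tag]


class KnockServer:
    """Server side: decodes a knock sequence and refuses anything already seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, ports: List[int]) -> Optional[int]:
        """Return the requested action, or None if the knock is malformed, forged, or a replay."""
        if len(ports) != NONCE_LEN + PAYLOAD_LEN + TAG_LEN or any(
            not PORT_BASE <= p < PORT_BASE + 256 for p in ports
        ):
            return None
        raw = bytes(p - PORT_BASE for p in ports)
        nonce, cipher, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
        expect = hmac.new(self.key, b"tag" + nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):
            return None  # wrong password or tampered sequence
        stream = hmac.new(self.key, b"stream" + nonce, hashlib.sha256).digest()[:PAYLOAD_LEN]
        counter, action = struct.unpack(">IB", bytes(c ^ s for c, s in zip(cipher, stream)))
        if counter <= self.last_counter:
            return None  # replayed or stale knock
        self.last_counter = counter
        return action
```

The firewall rule the server would install on ACTION_OPEN should be scoped to the source address the knocks arrived from, which is the "only from the originating machine" property the discussion below relies on.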

1 of 78 comments

  1. Re:You forget by claudius0425 · Score: 2, Informative

    He has a good point. Consider, for example, a student at a university that forbids you to run any servers (say, UF with ICARUS). With portknocking, you could keep all ports closed yet, with minimal effort, open a transient hole in your firewall, allowing you to, say, access an ssh server, but only from the machine originating the portknock. This is particularly useful in a DHCP-based environment, where a static firewall rule would be utterly ineffectual.

    DISCLAIMER: No, I do not attend UF, don't send in the goons. It is just an example.

    --
    Phus. Sysiphus.