Combining Port Knocking With OS Fingerprinting
michaelrash writes "Port knocking implementations are on the rise. I have just released fwknop (the Firewall Knock Operator) at DEF CON 12. Fwknop implements both shared and encrypted knock sequences, but with a twist; it combines knock sequences with passive operating system fingerprints derived from p0f. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Fwknop is based entirely around iptables log messages and so does not require a separate packet capture library. Also, at the Black Hat Briefings, David Worth has released a cryptographic port knock implementation based around one-time pads."
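The idea in the summary above, as an added example that is not fwknop's code and not part of the original post: read iptables LOG lines, track each source's progress through a shared knock sequence, and count a knock only when the SYN's passive fingerprint matches the required OS. The knock ports, the two-entry signature table (a toy stand-in for p0f's signatures), the `KNOCK` log prefix and all addresses are constructed assumptions.

```python
import re

KNOCK_SEQUENCE = [5001, 5002, 5003]  # assumed shared knock sequence
REQUIRED_OS = "Linux"                # only this fingerprint may complete a knock
# Toy stand-in for p0f signatures: (initial TTL, SYN window, DF bit) -> OS label.
# Constructed illustrative values, not p0f's signature database.
SIGNATURES = {(64, 5840, True): "Linux", (128, 65535, True): "Windows"}
FIELD = re.compile(r"\b(SRC|DPT|TTL|WINDOW|PROTO)=(\S+)")

def parse(line):
    """Extract (src, dpt, ttl, window, df) from an iptables LOG line; None unless a TCP SYN."""
    f, tokens = dict(FIELD.findall(line)), line.split()
    if not {"SRC", "DPT", "TTL", "WINDOW"} <= f.keys() or f.get("PROTO") != "TCP":
        return None
    if "SYN" not in tokens or "ACK" in tokens:
        return None
    return f["SRC"], int(f["DPT"]), int(f["TTL"]), int(f["WINDOW"]), "DF" in tokens

def guess_os(ttl, window, df):
    """Round the observed TTL up to a common initial TTL, then look up the signature."""
    initial = next((t for t in (32, 64, 128, 255) if ttl <= t), 255)
    return SIGNATURES.get((initial, window, df), "unknown")

def authorized_sources(lines):
    """Return sources that sent the whole sequence, in order, with the required OS."""
    progress, allowed = {}, set()
    for line in lines:
        pkt = parse(line)
        if pkt is None:
            continue
        src, dpt, ttl, window, df = pkt
        os_ok = guess_os(ttl, window, df) == REQUIRED_OS
        step = progress.get(src, 0)
        if os_ok and dpt == KNOCK_SEQUENCE[step]:
            step += 1
        else:  # wrong port or wrong OS: restart, keeping a fresh first knock if valid
            step = 1 if os_ok and dpt == KNOCK_SEQUENCE[0] else 0
        if step == len(KNOCK_SEQUENCE):
            allowed.add(src)
            step = 0
        progress[src] = step
    return allowed

def log_line(src, dpt, ttl, window):
    """Build one constructed iptables LOG line for the sample input."""
    return (f"Aug  1 10:00:00 fw kernel: KNOCK IN=eth0 OUT= SRC={src} DST=198.51.100.1 "
            f"LEN=60 TTL={ttl} ID=1 DF PROTO=TCP SPT=40000 DPT={dpt} WINDOW={window} SYN URGP=0")

SAMPLE = ([log_line("192.0.2.10", p, 61, 5840) for p in KNOCK_SEQUENCE] +     # right order, Linux-like
          [log_line("192.0.2.20", p, 125, 65535) for p in KNOCK_SEQUENCE] +   # right order, wrong OS
          [log_line("192.0.2.30", p, 64, 5840) for p in (5001, 5003, 5002)])  # right OS, wrong order
```

`authorized_sources(SAMPLE)` returns only `192.0.2.10`. A deployed version would also expire partial sequences after a timeout, which this example leaves out.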
thank goodness, if there's one thing a hacker can't get his hands on, it's a copy of Linux!
yuk yuk yuk
and that's just what they'll do
one of these days these ports
are gonna walk all over you........
More defense and limitations are good, sure, but why filter by OS?
:)
It's so we can block out all those Linux machines, because we all know that's where the hackers are coming from
#!/