Alert!! -- PortKnocking

Ow Mun Heng Ow.Mun.Heng at wdc.com
Sat Sep 18 15:35:58 UTC 2004


On Fri, 2004-09-17 at 13:07, Nifty Hat Mitch wrote:
> On Thu, Sep 16, 2004 at 02:59:25AM +0200, Alexander Dalloz wrote:
> > 
> > > > To prevent to let the script kids ...
> ...
> > > Security by obscurity.. :-)
> > 
> > moment this is enough to stop the scripts. When they begin to really
> > scan for the ports with SSH behind I will activate portknocking. Not
> > because I have insecure passwords in use or do not keep both eyes on
> > necessary security updates, but because I do not like to have to go each
> > day to hundreds of log file lines caused by wannabe intruders.
> 
> This sounds like a valid use of port knocking.
> In and of itself port knocking should be understood.
> 
> This is an interesting critique of it.
>    http://software.newsforge.com/software/04/08/02/1954253.shtml
 
If not mistaken, that's the exact article I was reading (I can't verify as
I'm now on a plane). However, to me (and most others), that's a very
valid use of port knocking.

Yeah.. you can do ethereal/tcpdump traces but that's a whole lot of work
to do. It's not like you're breaking into Fort Knox, right?

To me, it's not that they can't get in, even if they can, I'd rather just
make sure that they don't have it easy, 

-- 
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive 
Neuromancer 18:44:35 up 21:57, 2 users, load average: 0.45, 1.84, 2.14 