
A proposal for "silent" port knocking

Posted Dec 19, 2013 20:30 UTC (Thu) by imitev (guest, #60045)
Parent article: A proposal for "silent" port knocking

One of the requirements of Moxie Marlinspike's (Thoughtcrime) port knock implementation [1] was

"I don't want something that runs in the kernel."

Sadly there's no explanation, but one would guess he's against the added complexity of having something in the kernel.

FWIW, I've tried quite a few port knock implementations over the years (but not Marlinspike's, which has been on my todo list for months); I've eventually settled on a custom solution: since I'm running a web server anyway, I've set up an https restricted area with a cgi-bin that writes my IP/username to a temporary file. The firewall wgets the file every minute and adds/removes stuff with iptables' xt_recent. Works perfectly.
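The scheme the comment above describes, written out as an added example (not imitev's code, and not part of the original thread): one CGI handler that records the authenticated client's address and user name, and one firewall-side script that diffs the fetched list against the previous snapshot and feeds xt_recent add/remove commands. It assumes the list file holds one "ip username" entry per line and that the xt_recent list is named `knock` (a hypothetical name) and controlled through `/proc/net/xt_recent/knock`; the sample addresses are constructed. Addresses are validated before they reach the kernel interface, so a malformed or injected entry in the fetched file is logged and dropped rather than written.

```shell
#!/bin/sh
# Added example (not imitev's code): the two halves of the scheme described above,
# a CGI handler that records the authenticated client's address, and a firewall-side
# sync that turns the fetched allowlist into xt_recent add/remove commands.
# Assumptions: the list file holds one "ip username" entry per line; the xt_recent
# list is named "knock" (hypothetical) and driven through /proc/net/xt_recent/knock.

export LC_ALL=C   # sort and comm must agree on collation order

# Accept only a well-formed dotted-quad IPv4 address (four octets, each 0-255).
# Anything else is rejected before it can reach the kernel interface.
valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Server side (CGI): record REMOTE_ADDR and REMOTE_USER, as set by the web server
# after HTTPS authentication, into the allowlist file given as $1.
# Unauthenticated or malformed requests record nothing and answer 403.
record_knock() {
    list=$1
    if [ -z "${REMOTE_USER:-}" ] || ! valid_ipv4 "${REMOTE_ADDR:-}"; then
        printf 'Status: 403 Forbidden\r\n\r\n'
        return 1
    fi
    printf '%s %s\n' "$REMOTE_ADDR" "$REMOTE_USER" >> "$list"
    printf 'Content-Type: text/plain\r\n\r\nrecorded %s\n' "$REMOTE_ADDR"
}

# Firewall side: extract the valid addresses from a fetched list file, one per line,
# sorted and deduplicated. Malformed entries are logged to stderr and dropped.
allowed_ips() {
    while read -r ip _user; do
        [ -n "$ip" ] || continue
        if valid_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            printf 'ignoring malformed entry: %s\n' "$ip" >&2
        fi
    done < "$1" | sort -u
}

# Diff the previous snapshot ($1) against the newly fetched file ($2) and emit the
# xt_recent commands: "+ip" for addresses that appeared, "-ip" for ones that vanished.
sync_commands() {
    tmp_prev=$(mktemp) tmp_cur=$(mktemp)
    allowed_ips "$1" > "$tmp_prev"
    allowed_ips "$2" > "$tmp_cur"
    comm -13 "$tmp_prev" "$tmp_cur" | sed 's/^/+/'   # only in current: add
    comm -23 "$tmp_prev" "$tmp_cur" | sed 's/^/-/'   # only in previous: remove
    rm -f "$tmp_prev" "$tmp_cur"
}

# Apply the commands to the xt_recent control file ($3, default the kernel's
# /proc/net/xt_recent/knock). Each write() is one command, so appending works for
# the kernel file and also lets a regular file serve as a dry-run log.
apply_sync() {
    target=${3:-/proc/net/xt_recent/knock}
    sync_commands "$1" "$2" | while read -r cmd; do
        printf '%s\n' "$cmd" >> "$target"
    done
}

# Stand-alone demo on constructed data (run as: sh knock-sync.sh demo).
demo() {
    d=$(mktemp -d)
    printf '203.0.113.7 alice\n203.0.113.50 dave\n' > "$d/prev"
    printf '203.0.113.7 alice\n192.0.2.200 carol\n999.1.1.1 eve\n' > "$d/cur"
    apply_sync "$d/prev" "$d/cur" "$d/dry-run"
    cat "$d/dry-run"        # +192.0.2.200 then -203.0.113.50
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

The firewall side is meant to run from cron after the fetch: keep the previously fetched copy, run `apply_sync old new`, then rotate. The list is only consulted by whatever iptables rule references it (for example an `-m recent --rcheck --name knock --seconds N` match on the SSH port), so the rule's `--seconds` window, not this script, decides how long an entry stays usable after the last knock.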


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds