Fred, thanks for reminding me about this... good stuff!

This is a concept that I first discovered in late 2000. I was experimenting with the proof of concept code from FX of Phenoelit. His code was called cd00r.c:
http://www.phenoelit.de/stuff/cd00rdescr.html

I eventually got this working on an OpenBSD 2.6 firewall. It made me feel much better about leaving sshd exposed. While I am not a fan of security through obscurity, I think of this as more like a combination lock with 65,000+ digits on the dial.

About a year later, I noticed SAdoor from Claes M. Nyberg, which expanded on the concept:
http://cmn.listprojects.darklab.org

Fire up your compilers!

...Kevin

On Tue, 2004-03-16 at 13:09, Fred Wright wrote:
> I first read about this in Bruce Schneier's CRYPTO-GRAM, March 15,
> 2004. Has anyone else heard/thought about this?
>
> /quote
> Port Knocking
>
> Port knocking is a clever new computer security trick. It's a way to
> configure a system so that only systems who know the "secret knock" can
> access a certain port. For example, you could build a port-knocking
> defensive system that would not accept any SSH connections (port 22) unless
> it detected connection attempts to closed ports 1026, 1027, 1029, 1034,
> 1026, 1044, and 1035 in that sequence within five seconds, then listened on
> port 22 for a connection within ten seconds. Otherwise, the system would
> completely ignore port 22.
>
> It's a clever idea, and one that could easily be built into VPN systems and
> the like. Network administrators could create unique knocks for their
> networks -- family keys, really -- and only give them to authorized
> users. It's no substitute for good access control, but it's a nice
> addition. And it's an addition that's invisible to those who don't know
> about it.
>
> /endquote
>
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
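The firewall-side knock gate that the quoted CRYPTO-GRAM text describes, as an added example written for this page (not code from the thread, from cd00r or from SAdoor): a state machine that accepts the quoted port sequence only if it completes within five seconds, then lets port 22 through for ten. The knock sequence and both time limits come from the quote; the SYN traces are constructed.

```python
from dataclasses import dataclass

# Figures taken from the quoted CRYPTO-GRAM text.
KNOCK = (1026, 1027, 1029, 1034, 1026, 1044, 1035)
KNOCK_WINDOW = 5.0   # seconds allowed for the whole sequence
OPEN_WINDOW = 10.0   # seconds port 22 answers after a good knock
SSH_PORT = 22

@dataclass
class KnockGate:
    """Firewall-side knock matcher: feed it one inbound SYN at a time."""
    progress: int = 0          # knock ports matched so far in the current attempt
    first_knock: float = 0.0   # time of the first knock of the current attempt
    open_until: float = -1.0   # port 22 is reachable until this time (never, initially)

    def syn(self, t: float, port: int) -> bool:
        """Return True if the SYN at time t to `port` should be accepted."""
        if port == SSH_PORT:
            # Outside the window port 22 is silently ignored, not refused.
            return t <= self.open_until
        in_time = self.progress == 0 or t - self.first_knock <= KNOCK_WINDOW
        if port == KNOCK[self.progress] and in_time:
            if self.progress == 0:
                self.first_knock = t
            self.progress += 1
            if self.progress == len(KNOCK):          # full sequence seen in time
                self.open_until = t + OPEN_WINDOW
                self.progress = 0
        else:
            # Wrong port or too slow: discard the attempt; this SYN may start a new one.
            self.progress = 1 if port == KNOCK[0] else 0
            self.first_knock = t
        return False  # the knock ports themselves stay closed

def replay(events):
    """Run (time, dst_port) SYNs through a fresh gate; return times of accepted SSH SYNs."""
    gate = KnockGate()
    return [t for t, port in events if gate.syn(t, port)]

# Constructed traces: a knock done in 3 s, the same knock spread over 6 s, SSH with no knock,
# and a good knock followed by an SSH attempt after the 10 s window has passed.
GOOD = [(0.0, 1026), (0.5, 1027), (1.0, 1029), (1.5, 1034), (2.0, 1026), (2.5, 1044), (3.0, 1035), (5.0, 22)]
SLOW = [(t * 2, p) for t, p in GOOD[:-1]] + [(7.0, 22)]
COLD = [(0.0, 22), (1.0, 22)]
LATE = GOOD[:-1] + [(13.5, 22)]

if __name__ == "__main__":
    for name, trace in (("good", GOOD), ("slow", SLOW), ("cold", COLD), ("late", LATE)):
        print(name, replay(trace))
```

Only the first trace yields an accepted SSH SYN; the slow knock, the cold attempt and the late attempt all see port 22 ignored, which is the behaviour the quote describes.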