Re: pf port knocking
> For those unfamiliar with the technique, it is like
> knocking a certain pattern/code on a door to open it.
anyone unfamiliar with the technique hasn't read the archives
whatsoever and thus is not going to garner favour from anyone
here at all.
> Has anyone heard of anyone working on a portknocking daemon for
> OBSD/pf? There are a couple of basic setups over at
> www.portknocking.org but thought I would check here before attempting a
i would venture to guess, probably not. portknocking topic shows
up in [email protected] or [email protected] once every three months it seems, and someone comes
in all full of stars and hope, but the blinding majority of
code-contributing members, as well as at least the regular majority
of list members don't really seem to want anything to do with it...
some people seem to think it's "cool" and "hip" and "stealthy" while
others think it is "cumbersome", "increases liability", and is
essentially energy better spent elsewhere.
> they have at portknocking.org and see what I can do for pf. I would
> imagine I will have to set up anchors in pf which I haven't done yet but
> am sure I will get my head around it. Any pointers would be
> appreciated! :)
anchors are cake. spend some time with authpf(8) and you can get
to know anchors very quickly.
instead of motioning to start a discussion about something that will
probably want to make people jump down your throat, perhaps just
use LogLevel QUIET or FATAL for sshd? if you think that sshd is a
"loose end" that needs to be tied up, why not just do something
far simpler and clearer like set up isakmpd or whatever vpn setup
you need and only let sshd listen on the internal iface or otherwise
filter the rest out? far less crappy voodoo to break or set up wrong.
> I will also need to write a windows util to do the knocking for the
> contractors - can Perl run on a Windows machine or will I have to dust
> off my C compiler? :)
i think there are perl interpreters for windows.
[ openbsd 3.6 GENERIC ( nov 4 ) // i386 ]
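
The alternative suggested in the reply above, letting sshd listen only on the internal interface, can be checked mechanically against an sshd_config. This is an added example, not part of the original post; the sample configs, the function names and the internal network ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample configs (assumptions, not from the original post).
EXPOSED = """\
# no ListenAddress line: sshd binds every local address
Port 22
LogLevel INFO
"""
INTERNAL_ONLY = """\
Port 22
ListenAddress 10.0.0.1
ListenAddress [fd00::1]:2222
LogLevel QUIET
"""

def listen_addresses(config_text):
    """Return the hosts named by global ListenAddress lines."""
    addrs = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":
            break  # ListenAddress is only valid before any Match block
        if keyword != "listenaddress" or len(parts) < 2:
            continue
        value = parts[1]
        if value.startswith("[") and "]" in value:   # [IPv6]:port
            host = value[1:value.index("]")]
        elif value.count(":") == 1:                  # IPv4:port or host:port
            host = value.split(":")[0]
        else:                                        # bare IPv4 or bare IPv6
            host = value
        addrs.append(host)
    # With no ListenAddress at all, sshd listens on all local addresses.
    return addrs or ["0.0.0.0", "::"]

def exposed_listeners(config_text, internal_nets):
    """List bound addresses that fall outside the internal networks."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    bad = []
    for host in listen_addresses(config_text):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            bad.append(host)  # hostname: cannot be proven internal here
            continue
        if not any(ip in n for n in nets):
            bad.append(host)
    return bad
```

An empty result means every listener sits inside the networks passed in; a wildcard or external address shows up in the returned list and is then the thing to filter in pf or rebind.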