
Re: Port Knocking on openBSD?



Scenario: I need to be able to SSH into a box from anywhere in the world, but not very often. A new exploit of SSH comes out. What's a better solution than port knocking to protect yourself from the exploit?
 
Just curious, as it's interesting to think this stuff through and I'm not very knowledgeable here.
 
Greg

Adam Skutt <askutt@wnec.edu> wrote:
Magnus Bodin wrote:
> On Thu, Feb 05, 2004 at 05:58:09PM -0500, Rick Wash wrote:
> 
> 
> But if you don't want to expose any tcp-ports at all, that includes port 22 as
> well. And if you are on the move and cannot guarantee that ah/esp et al is even
> transported then one alternative is to hide.

Why should I care about exposed ports? Security arises not out of how 
many ports are being shown or not shown, but rather how secure the 
services behind them are. It doesn't matter if all my ports are open if 
the services running them have no security flaws (a pipe dream, but 
illustrates the point).