Re: Port Knocking on openBSD?

[Magnus Bodin <magnus@bodin.org>]

On Fri, Feb 06, 2004 at 08:41:40AM -0500, Adam Skutt wrote:
> 
> Why should I care about exposed ports?  Security arises not out of how 

Every now and then there has been an exploit for SSH.
Last time it happened it took me 6 hours to 1. know about this. 2. Get to a
network. 3. Fix this.  The "port blinds" provided at least a protection against
the youngsters in the "wrong" time zone which jumps on new exploits immediately
and runs scanssh for targets.

> Why? Because a ping packet large enough to contain a username and a
> one-time password are larger than most, and any one monitoring your
> network, looking for a way in, will see that as a big red flag.

Not true.
A normal ping packet generated by "/sbin/ping" is big enough to include 16
bytes. If you use -p you can provide those 16 bytes on the commandline.
No change in size. 

The big red flag however would be an opened ssh-connection to the box. 

But that should not be a problem as openssh is safe, right?

Yes. Listening to ICMP echo requests has limitations and vulnerabilities and is
of course not a reason to *postpone* upgrades and patches. It is an addition,
complement, etc. 

-- 
    magnus, http://x42.com