How do you give away your combination to anyone sniffing the network?
Wouldn't they have to sniff the correct ports in the correct order? It's
more like a password, where each of the chars can be any of 65000
possibilities. Much harder to crack than any regular old password.

anthony

From: Austin Godber
Date: 2004/03/16 Tue PM 05:26:11 EST
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: Port Knocking - An interesting idea

Kevin wrote:
> This is a concept that I first discovered in late 2000. I was
> experimenting with the proof of concept code from FX of Phenoelit. His
> code was called cd00r.c
>
> http://www.phenoelit.de/stuff/cd00rdescr.html
>
> I eventually got this working on an OpenBSD 2.6 firewall. It made me
> feel much better about leaving sshd exposed. While I am not a fan of
> security through obscurity, I think of this as more like a
> combination lock with 65,000+ digits on the dial.

It is interesting, but ... you give away your combination to anyone
sniffing on the network. So it is strictly security through obscurity
and accomplishes little. Although it is a cool idea. Perhaps a single
use combination that is shared between each host client pair would
help ... but then it starts getting cumbersome.

Austin

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
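The two positions in the thread (anthony's "they would have to sniff the correct ports in the correct order" and Austin's "a single use combination shared between each host client pair") can be compared directly in a small simulation. The following is an added example, not code from the thread and not a model of cd00r.c: it treats a knock sequence purely as the ordered list of destination ports that a passive observer on the path sees, and contrasts a static daemon with a one-time daemon whose sequence is derived from a shared secret and a per-client counter (HMAC-SHA256, a 4-port sequence, a lookahead window of 5 and the unprivileged port range are all assumptions of the example, as is the constructed shared secret).

```python
import hmac
import hashlib
import struct

KNOCK_LEN = 4                      # assumption: four knocks per sequence
PORT_MIN, PORT_MAX = 1024, 65535   # assumption: knocks land on unprivileged ports


def derive_sequence(secret: bytes, counter: int, length: int = KNOCK_LEN) -> list:
    """One-time knock sequence: HMAC-SHA256(secret, counter) cut into 16-bit port numbers.

    Both the client and the daemon can compute it, but an observer who sees the
    ports on the wire learns nothing that lets them predict the next sequence.
    """
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    return [PORT_MIN + struct.unpack(">H", digest[2 * i:2 * i + 2])[0] % span
            for i in range(length)]


def pack_ports(ports) -> bytes:
    """Fixed-width encoding so sequences can be compared with compare_digest."""
    return b"".join(struct.pack(">H", p) for p in ports)


class StaticKnockd:
    """Kevin's combination lock: one fixed ordered sequence, reusable forever."""

    def __init__(self, sequence):
        self.sequence = pack_ports(sequence)

    def try_open(self, observed) -> bool:
        # Order matters (a reversed sequence fails), but nothing stops a replay:
        # whoever saw the ports once can present them again.
        return hmac.compare_digest(pack_ports(observed), self.sequence)


class OneTimeKnockd:
    """Austin's suggestion: a per-client secret and counter; each sequence is burned on use."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.window = window       # tolerate a client that got a few counters ahead
        self.counter = 0           # lowest counter still accepted

    def try_open(self, observed) -> bool:
        obs = pack_ports(observed)
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(obs, pack_ports(derive_sequence(self.secret, c))):
                self.counter = c + 1   # this counter and all earlier ones are now dead
                return True
        return False


def replay_demo() -> dict:
    """Play one legitimate knock and one replay of the captured ports against each daemon."""
    secret = b"constructed-shared-secret-for-this-example"   # constructed, not a real key
    static = StaticKnockd([1234, 5678, 9012, 3456])            # constructed static sequence
    onetime = OneTimeKnockd(secret)

    # What the legitimate client sends is exactly what a passive observer records.
    captured_static = [1234, 5678, 9012, 3456]
    captured_onetime = derive_sequence(secret, 0)

    return {
        "static_first": static.try_open(captured_static),             # legitimate open
        "static_wrong_order": static.try_open(captured_static[::-1]),  # order is checked
        "static_replay": static.try_open(captured_static),             # replay still opens
        "onetime_first": onetime.try_open(captured_onetime),           # legitimate open
        "onetime_replay": onetime.try_open(captured_onetime),          # burned: rejected
        "onetime_next": onetime.try_open(derive_sequence(secret, 1)),  # client's next knock
    }


if __name__ == "__main__":
    for name, opened in replay_demo().items():
        print(f"{name:20s} {'OPEN' if opened else 'closed'}")
```

The static daemon confirms anthony's point only as far as ordering goes: a scrambled sequence is refused, but the captured sequence opens the port every time, which is Austin's objection. The one-time daemon refuses the replay because the counter moved past it. The cost Austin predicts is visible in the code too: every host-client pair needs its own secret and counter, and the window has to absorb lost knocks without letting the two sides drift apart.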