On Mon, February 28, 2011 10:17 am, Johan Söderberg wrote:
> A ridiculously simple idea. Protect your port, say ssh, by adding a code
> to access it. Ok, that's nothing new, but maybe how it's done.
>
> For a client to connect to a service, it needs to unlock the port with a
> code. The code is made of predefined blocked ports that make pf
> trigger. If the first code port is triggered, the IP address enters a state
> with a timestamp. If the next port that the address triggers matches the
> next code port within a timeframe, let it enter a new state, else lose
> state. When all code ports have been triggered in the right order, allow
> the address to pass.
>
> Sure it's not safe from MITM, but it protects from scans, and allows you
> to connect from dynamic IP addresses. There are 65536 ports, that gives
> you 65536^n possible combinations where n is the number of ports in your
> code. So you probably won't need more than 2-3 ports in your code.
>
> Say what you think! And if you like my brain fart, would you want to
> implement it?

Also known as 'Port Knocking':
<http://en.wikipedia.org/wiki/Port_knocking>

I recall it was discussed here a while back.  I can't recall what the
exact arguments were, but I don't suppose it'd be hard to write a userland
daemon to implement it using anchors.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
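The state machine Johan sketches (first code port starts a timed state, each further port must be the next one in the code within the window, any other port loses the state, the full sequence opens the protected port) is small enough to show in full. The following is an added example written for this page; it is not code from either poster and no such daemon is described in the thread. The knock sequence 7000/8000/9000, the 5 s window, the 30 s open period, the `<seconds> <src_ip> <dst_port>` event lines (constructed here to stand in for what a daemon would read from pflog) and the pf rule text rendered for an anchor are all assumptions.

```python
"""Port-knock state tracker: added example, not code from the thread.

Assumed parameters: the sequence (7000, 8000, 9000), the 5 s window between
consecutive knocks and the 30 s open period are made up for illustration.
Events arrive as constructed text lines "<seconds> <src_ip> <dst_port>",
standing in for blocked-packet records a daemon would read from pflog.
"""
from dataclasses import dataclass


@dataclass
class Progress:
    stage: int        # how many code ports this address has hit, in order
    last_seen: float  # timestamp of the last correct knock


class KnockTracker:
    def __init__(self, sequence=(7000, 8000, 9000), window=5.0, open_for=30.0):
        if len(set(sequence)) != len(sequence):
            raise ValueError("code ports must be distinct")
        self.sequence = tuple(sequence)
        self.window = window
        self.open_for = open_for
        self.pending = {}   # src_ip -> Progress (partial knock)
        self.opened = {}    # src_ip -> timestamp until which access is allowed

    def observe(self, ts, src_ip, dst_port):
        """Feed one blocked-packet event; return True if it completed the code."""
        prog = self.pending.get(src_ip)
        if prog is not None and ts - prog.last_seen > self.window:
            # Too slow: the partial state is lost, as the proposal describes.
            del self.pending[src_ip]
            prog = None
        stage = prog.stage if prog is not None else 0

        if dst_port != self.sequence[stage]:
            # Any port other than the next code port loses the state.
            self.pending.pop(src_ip, None)
            return False

        stage += 1
        if stage == len(self.sequence):
            self.pending.pop(src_ip, None)
            self.opened[src_ip] = ts + self.open_for
            return True
        self.pending[src_ip] = Progress(stage, ts)
        return False

    def is_allowed(self, ts, src_ip):
        """True while the address's open period has not expired."""
        expiry = self.opened.get(src_ip)
        if expiry is None:
            return False
        if ts > expiry:
            del self.opened[src_ip]
            return False
        return True

    def anchor_rules(self, ts, protected_port=22):
        """Render pass rules for the currently open addresses.

        Assumed deployment: a daemon pipes this text into an anchor with
        `pfctl -a knock -f -` each time the set of open addresses changes,
        while the main ruleset blocks the protected port by default.
        """
        return "\n".join(
            f"pass in quick proto tcp from {ip} to any port {protected_port} "
            f"flags S/SA keep state"
            for ip, expiry in sorted(self.opened.items()) if expiry >= ts
        )


def parse_line(line):
    """Parse one constructed event line into (timestamp, src_ip, dst_port)."""
    ts, ip, port = line.split()
    return float(ts), ip, int(port)


# Constructed events: a correct knock, a sequential scanner, and a client
# that is too slow on its first attempt and then succeeds.
SAMPLE_EVENTS = """\
0.0 192.0.2.10 7000
1.0 192.0.2.10 8000
2.0 192.0.2.10 9000
3.0 203.0.113.9 7000
3.1 203.0.113.9 7001
3.2 203.0.113.9 8000
3.3 203.0.113.9 9000
10.0 198.51.100.7 7000
20.0 198.51.100.7 8000
21.0 198.51.100.7 9000
22.0 198.51.100.7 7000
23.0 198.51.100.7 8000
24.0 198.51.100.7 9000
"""


def simulate(text, tracker=None):
    """Run events through a tracker; return it and {ip: time the code completed}."""
    tracker = tracker or KnockTracker()
    opened_at = {}
    for line in text.splitlines():
        ts, ip, port = parse_line(line)
        if tracker.observe(ts, ip, port):
            opened_at[ip] = ts
    return tracker, opened_at


if __name__ == "__main__":
    tracker, opened_at = simulate(SAMPLE_EVENTS)
    print("completed:", opened_at)
    print(tracker.anchor_rules(25.0))
```

Two caveats a practitioner would add. The sequence is only as secret as the traffic carrying it: anyone who can passively observe the knocks (no active MITM needed) can replay them from their own address, so this keeps scanners out but is not authentication. And the code ports should not be an ascending run such as 7000, 7001, 7002, because an ordinary sequential port scan would then hit them in the right order within the window and open the service by accident; the scanner in the sample events fails only because 7001 sits between the code ports.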