--On Wednesday, March 27, 2013 8:59 PM -0400 Tom Metro
<[email protected]> wrote:

> Not merely workarounds...it's trivial to design a port knocking scheme
> that is resistant to DoS attacks.

Perhaps, but it isn't as easy to implement such a system such that use is
transparent to users. That's not me saying that security is a tradeoff with
usability. That's me saying that you're using the wrong tool.

> Of course any public facing server is subject to DoS attacks if the
> sender can overwhelm your inbound bandwidth.

That's orthogonal to the point: your port knocking "security" wall and my
IP spoofing can subject you to DoS attacks with a handful of packets unless
you implement workarounds for the lockout. If you have to work around a
basic function of the security system just to make it usable then you're
using the wrong tool for the job.

But I repeat myself.

--
Rich P.