I'm curious if you are thinking of a ghost service, where there is an open port 80 already, or a default closed port 80.
There are two downsides of tcpraw that I know of. The first is that it requires a raw socket on the sending machine, implying it requires running as root. The other potential problem is that SPA in a TCP syn packet is technically a malformed packet, and could possibly be dropped in transit as a result.

A potential benefit is that if the traffic was being sniffed, a connection to port 80 might not immediately be identified as an SPA packet, particularly if sent as an http request.

If you had a honeypot style http server running and internet reachable, you could instead send the SPA string as an http get request. Fwknop supports detecting this sending method via pcap. In this case, the protected service would be a ghost service.

I am not aware of any other issues with sending SPA over the same port as the protected service.

--Jonathan Bennett

On Fri, Oct 16, 2015, 11:52 AM Trent Hampton <trenthamp...@gmail.com> wrote:

> Is it a good or bad idea to send SPA packets on the same port that you
> want to protect?
>
> For example, suppose we are running httpd on serverA and listening on port
> 80.
>
> What are the benefits or risks of sending SPA packets on port 80 over
> tcpraw?
>
> Thank you,
>
> Trent
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
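The reply above notes that an SPA message carried inside a TCP SYN may be dropped in transit. The following is an added example, not part of the original thread and not fwknop code: a check an operator could run over captured IPv4 packets to see which initial SYN segments carry a payload. The addresses, ports, payload bytes and function names are constructed for illustration.

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08

def build_ipv4_tcp(flags, payload=b"", sport=40000, dport=80):
    """Build a constructed IPv4+TCP packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp + payload

def syn_payload_len(packet):
    """Return the payload length of an initial SYN that carries data, else 0."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return 0                                  # not IPv4 or truncated
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or ihl < 20:                # protocol 6 = TCP
        return 0
    if total_len > len(packet) or total_len < ihl + 20:
        return 0                                  # truncated capture or bad length
    doff = (packet[ihl + 12] >> 4) * 4            # TCP header length in bytes
    flags = packet[ihl + 13]
    if doff < 20 or ihl + doff > total_len:
        return 0
    if flags & SYN and not flags & ACK:           # initial SYN only, not SYN/ACK
        return total_len - ihl - doff
    return 0

# Constructed samples: a normal handshake SYN, a SYN carrying data, and an
# ordinary HTTP request segment sent after the handshake.
SPA_PLACEHOLDER = b"CONSTRUCTED-SPA-PLACEHOLDER"
SAMPLES = {
    "plain SYN": build_ipv4_tcp(SYN),
    "SYN with payload": build_ipv4_tcp(SYN, SPA_PLACEHOLDER),
    "HTTP GET after handshake": build_ipv4_tcp(ACK | PSH, b"GET / HTTP/1.0\r\n\r\n"),
}

def classify(samples):
    """Map each sample name to the SYN payload length found (0 = none)."""
    return {name: syn_payload_len(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, size in classify(SAMPLES).items():
        print(f"{name}: {'SYN carries %d bytes' % size if size else 'no SYN payload'}")
```

Only the second sample is flagged; the HTTP request segment is not, which matches the reply's point that an SPA sent as an http request on port 80 is less conspicuous to someone sniffing the traffic than data in a SYN.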