Hello Kirk,

Is there an iptables-based port knocker? I dislike the idea of opening ports for this purpose because they can be distinguished in some way. Promiscuous-mode port knockers consume a lot of processor time and I don't think that is good for a production server.

KH> A port knocker of some sort is a much more secure solution that will
KH> allow you to block all unwanted IPs but still allow for dynamic
KH> addresses. There are port knockers that listen on various ports and
KH> work like a combination lock to open the port, and there are others that
KH> use a more secure one time pad "magic packet" kind of authentication to
KH> open the port for your IP. It is more work to set up, but it is more
KH> secure than just changing the port. Remember a few years ago when ssh
KH> had a remote exploit? You probably shouldn't leave that port open.

--
Best regards,
boger mailto:[EMAIL PROTECTED]

--
[email protected] mailing list
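
The "combination lock" style of knocker described in the quoted reply can be matched entirely in the kernel with iptables' `recent` match, so no process has to sniff in promiscuous mode. The script below is an added example, not part of the original message: it prints an iptables-restore ruleset for a knock sequence, and the ports, the chain and list names (KNOCK, GATEn, PASSED, Kn), the 10-second window and the default policies are assumptions for a standalone host.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a "combination lock"
# knock, tracked per source address by the kernel `recent` match.
# Usage: knock_rules PROTECTED_PORT KNOCK_PORT...
knock_rules() {
    protected=$1; shift
    n=$#; window=10        # window: seconds allowed between knocks (assumed)
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' ":KNOCK - [0:0]" ":PASSED - [0:0]"
    i=1; while [ "$i" -le "$n" ]; do echo ":GATE$i - [0:0]"; i=$((i + 1)); done
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -j KNOCK"
    # Dispatcher: send each source to the gate that matches its progress.
    echo "-A KNOCK -m recent --rcheck --seconds $window --name K$n -j PASSED"
    i=$((n - 1))
    while [ "$i" -ge 1 ]; do
        echo "-A KNOCK -m recent --rcheck --seconds $window --name K$i -j GATE$((i + 1))"
        i=$((i - 1))
    done
    echo "-A KNOCK -j GATE1"
    # Gates: the right port advances one stage; anything else starts over,
    # so a sequential port scan does not walk through the sequence.
    i=1
    for port in "$@"; do
        if [ "$i" -gt 1 ]; then
            echo "-A GATE$i -m recent --name K$((i - 1)) --remove"
        fi
        echo "-A GATE$i -p tcp --dport $port --syn -m recent --name K$i --set -j DROP"
        if [ "$i" -gt 1 ]; then echo "-A GATE$i -j GATE1"; else echo "-A GATE1 -j DROP"; fi
        i=$((i + 1))
    done
    # After the full sequence, one new connection to the protected port passes.
    echo "-A PASSED -m recent --name K$n --remove"
    echo "-A PASSED -p tcp --dport $protected --syn -j ACCEPT"
    echo "-A PASSED -j GATE1"
    echo "COMMIT"
}

# Constructed sample invocation: sh knock.sh 22 7000 9000 8000
if [ "$#" -gt 0 ]; then knock_rules "$@"; fi
```

Review the printed rules before piping them into `iptables-restore`, which replaces the existing filter table.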
