Hello Tobias,
TS> That's a possibility I once saw on slashdot:
TS>
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3
TS> iptables -A INPUT -p tcp --dport 22 \
TS>     -m recent --rcheck --seconds 30 --name PART1 \
TS>     -m recent --rcheck --seconds 30 --name PART2 \
TS>     -m recent --rcheck --seconds 30 --name PART3 -j ACCEPT

It's the best :) I'll add some protection from plain port scans:

iptables -A INPUT -p tcp --dport 999 -m recent --remove --name PART1
iptables -A INPUT -p tcp --dport 1001 -m recent --remove --name PART1
...

TS> There are numerous knock, knock implementations listed at:
TS> http://www.portknocking.org/view/implementations/implementations

I found this page not long ago; the most promising is temprules. I'm currently experimenting with it.

TS> IMHO, the problem with "normal" port knocking tools is the dependency on
TS> client software. I would prefer a solution which can be used without
TS> (too much) hassle (eg. using telnet and then putty or such).
TS> This evidently is not possible when using more sophisticated port
TS> knocking with timing or specially crafted / encrypted packets, unless
TS> you have a really good feel for timing.. ;-)

Same for me ;) or even a web browser: http://somehost:123

--
Best regards,
boger
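The rules quoted in the thread set the three recent lists independently, so the knocks are accepted in any order, and every decoy port needs its own --remove rule. The script below is an added example written for this page, not code from the thread, from slashdot or from any implementation on portknocking.org. It generates the sequential variant: each knock port only advances the source address to the next stage if the previous stage was hit within a short window (the --rcheck in front of the --set gates it), and any other SYN from that source clears all stages, which covers a port scan sweeping the range. The chain name KNOCK, the ports 1000/2000/3000 and 22, the 10 s and 30 s windows, and the netcat flags used on the client side are all assumptions.

```shell
#!/bin/sh
# Sequential port knocking with the xt_recent module (added example, not from
# the thread). Knock ports, protected port and windows are assumed values.
KNOCK_PORTS="1000 2000 3000"   # must be knocked in this order
PROTECTED_PORT=22
STEP_WINDOW=10                 # seconds allowed between consecutive knocks
OPEN_WINDOW=30                 # seconds the completed sequence keeps port 22 open

# Prints the iptables commands; nothing is applied until the output is run as root.
gen_knock_rules() {
    i=0; n=0
    for p in $KNOCK_PORTS; do n=$((n + 1)); done

    echo "iptables -N KNOCK 2>/dev/null || iptables -F KNOCK"
    # Already-accepted connections bypass the knock logic entirely.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only new connection attempts (SYN) are run through the knock chain.
    echo "iptables -A INPUT -p tcp --syn -j KNOCK"
    # Whatever the chain did not explicitly accept is dropped for the guarded ports.
    echo "iptables -A INPUT -p tcp -m multiport --dports $PROTECTED_PORT,$(echo $KNOCK_PORTS | tr ' ' ',') -j DROP"

    # Final stage: open the protected port only if the last list was hit recently.
    echo "iptables -A KNOCK -p tcp --dport $PROTECTED_PORT -m recent --rcheck --seconds $OPEN_WINDOW --name STAGE$n -j ACCEPT"
    # Each knock advances the source one stage, but only if the previous stage
    # was hit within STEP_WINDOW: a failed --rcheck means the --set never runs.
    for p in $KNOCK_PORTS; do
        i=$((i + 1))
        if [ $i -eq 1 ]; then
            echo "iptables -A KNOCK -p tcp --dport $p -m recent --set --name STAGE1 -j DROP"
        else
            echo "iptables -A KNOCK -p tcp --dport $p -m recent --rcheck --seconds $STEP_WINDOW --name STAGE$((i - 1)) -m recent --set --name STAGE$i -j DROP"
        fi
    done
    # Any other SYN from that source (a knock out of order, or a scan sweeping the
    # range) falls through to here and clears every stage. One rule per list:
    # --remove only matches when the address is present, so they cannot be chained.
    i=0
    for p in $KNOCK_PORTS; do
        i=$((i + 1))
        echo "iptables -A KNOCK -p tcp -m recent --remove --name STAGE$i"
    done
}

# Client side: one SYN per knock port, then the real connection. Assumes the
# OpenBSD/GNU netcat flags -z (no data) and -w (timeout); DROPped SYNs never get
# an answer, so the timeout is what ends each knock.
knock() {
    host=$1; shift
    for p in "$@"; do
        nc -z -w 1 "$host" "$p" 2>/dev/null
    done
}

# Usage:
#   sh knock.sh rules > rules.sh && sudo sh rules.sh   # on the server
#   knock somehost 1000 2000 3000 && ssh somehost       # from the client
if [ "${1:-}" = "rules" ]; then
    gen_knock_rules
fi
```

Because every SYN enters the KNOCK chain, a visit to a public service on the same host (port 80, say) between knocks resets the sequence; on a host that also serves public ports, restrict the jump to the guarded ports with -m multiport instead of --syn alone, at the cost of the scan protection for the rest of the range. The rules only act on SYNs, so a plain telnet or browser hit, as in the thread, is enough to knock: the client-side nc loop is a convenience, not a requirement.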
