On Fri, 11 Feb 2005, Matt Garman wrote:
> Another idea, and I've only read about this (no actual experience),
> but may be worth looking into: "port knocking". The basic concept
> is that you would keep your ssh port closed *all* the time. You
> need a secret "knock" to open the port. The knocking method is
> achieved by pinging various ports in a specific order (and with
> specific timing).
>
> So basically, before you can connect to port 22, you may have to
> ping ports 302, 50, 17, 17, 22, 542, 1002, 98, 12. The server will
> recognize the sequence and open port 22.
>
> Like I said, I don't have any firsthand experience with such a tool,
> but I've always thought it sounds incredibly clever.
>
> Maybe someone around here has some experience with port knocking and
> can offer some more insight.

There is a web site and implementations exist: http://www.portknocking.org/

--
Aj.
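
The server-side recognition step described in the quoted message (ordered ports plus a timing limit), as an added example that is not part of either message and is not taken from any implementation listed on portknocking.org. The port list is the one quoted above; the 10-second gap limit, the event tuple format, the sample addresses and all names are assumptions made for illustration.

```python
# Added example: server-side knock tracking (names and timing limit are assumptions).
KNOCK_SEQUENCE = [302, 50, 17, 17, 22, 542, 1002, 98, 12]  # ports quoted in the thread
MAX_GAP_SECONDS = 10.0  # assumed limit between consecutive knocks


class KnockTracker:
    """Tracks each source address's progress through the knock sequence."""

    def __init__(self, sequence=KNOCK_SEQUENCE, max_gap=MAX_GAP_SECONDS):
        self.sequence = list(sequence)
        self.max_gap = max_gap
        self.progress = {}  # src_ip -> (index of next expected port, time of last knock)

    def observe(self, timestamp, src_ip, dst_port):
        """Feed one connection attempt; return True when src_ip completes the knock."""
        index, last_seen = self.progress.get(src_ip, (0, timestamp))
        if index and timestamp - last_seen > self.max_gap:
            index = 0  # too slow: partial progress is discarded
        if dst_port == self.sequence[index]:
            index += 1
        else:
            # A wrong port resets progress, but it may itself start a new attempt.
            index = 1 if dst_port == self.sequence[0] else 0
        if index == len(self.sequence):
            self.progress.pop(src_ip, None)
            return True  # caller would now open port 22 for src_ip only
        if index:
            self.progress[src_ip] = (index, timestamp)
        else:
            self.progress.pop(src_ip, None)
        return False


def authorized_sources(events):
    """Return the source addresses, in order, that completed the knock."""
    tracker = KnockTracker()
    return [src for ts, src, port in events if tracker.observe(ts, src, port)]


# Constructed sample events: (timestamp in seconds, source address, destination port).
GOOD = [(float(i), "192.0.2.10", p) for i, p in enumerate(KNOCK_SEQUENCE)]
SCAN = [(float(i), "198.51.100.7", p) for i, p in enumerate(range(1, 1100))]
SLOW = [(i * 30.0, "203.0.113.5", p) for i, p in enumerate(KNOCK_SEQUENCE)]

if __name__ == "__main__":
    print(authorized_sources(sorted(GOOD + SCAN + SLOW)))
```

State is kept per source address, so a sequential scan or a correct-but-too-slow sequence from one host does not affect another host's attempt.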
