On Fri, Jan 13, 2006 at 12:35:19PM +1300, Andrew Errington wrote:
> much covered it. I'd like to second the suggestion of port knocking- i.e.
> port 22 stays closed until certain other ports have been visited in a
> certain order.

Port knocking is just silly - it's security by obscurity. It is a nice toy, and fun to play with, but ultimately all it adds to your overall security is a few bits of data, that could have been added to greater effect by extending the password/key length. At the same time, it's adding a potentially brittle mechanism in front of normal operations, that's bound to fail just when you need it, but leave you wondering - did the port knocking fail, or is the machine down? I don't believe it has any place in a production network, but it's an interesting learning toy for a home network ...

-jim
