On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sjöholm wrote:
>
> On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
>
> >>> There is a way to do port knocking in pf without any external help. Maybe
> >>> you can figure it out. I will not give more hints since port knocking is a
> >>> dumb idea; better spend your time reading on authpf(8).
> >>>
> >>> --
> >>> :wq Claudio
> >>>
> >>
> >> How do you use authpf from an iPhone or similar...
> >>
> >> The reason is to use an RSS reader that cannot authenticate. I want some
> >> sort
> >
> > An RSS reader that can't authenticate, but can ping a series of TCP/IP
> > ports?
>
> Where did you get that from? I didn't say it could... No but all devices with
> an RSS client, even phones, have a web browser that can have a bookmarked IP
> and obscure port.
>
>
> >> of security for it even though it's not critical. Therefore I want to just
> >> have
> >     ^^^^^^^^
> > That word you keep using...I don't think it means what you think it means.
> > Unless you've got a mechanism to randomize the ports on every port-knocking
> > attempt, you're essentially using a plaintext password on the internet.
> >
>
> None said anything about a password.. From where did you get that?

I said that you're *essentially* using a plaintext password, not that you're
*actually* using a plaintext password. My meaning was that you're effectively
using a security model that's been known to be bad for as long as I've been
in the tech industry.

> forcing the clients to first open their browser and access a
> specific IP and a specific port.

Yes, because those are impossible for an attacker to guess.

> But again, the data is not that critical.

Then why care about "security" at all?

> And it's not likely they will guess the link.

Congratulations; I'm actually at a loss for words after reading that.