Port Knock service secures the network by having all the ports closed and
listens on a secret port for the secret handshake.

When the client initiates a connection, the connection is verified through
the internal database as to which service the particular client has access
to. The doorman approves the connection. Once the client's connection is
approved, it is only allowed access to the particular service for only
that particular session. And in the whole process passwords are never
exchanged.

The advantage gained here is the client is given access to the required
service only within the requested session, which defeats port scanners,
sniffers, network hijackers and the rest of the scum.

Cheers,
Brian


On 10/10/08, Daniel Pittman <[EMAIL PROTECTED]> wrote:
>
> "Brian Sydney Jathanna" <[EMAIL PROTECTED]> writes:
> > On 10/9/08, Phill O'Flynn <[EMAIL PROTECTED]> wrote:
> >>
> >> Hi everyone
> >> I am running a fedora server and currently using hosts.allow to
> >> only allow ssh accesses from specific ip addresses. I did this because I
> >> was getting a lot of idiots from eastern Europe and Russia trying to
> >> crack my server.
> >>
> >> This has been ok but now is proving to be too restrictive. Can I get the
> >> server to force certificate based logins only?? If so how do I do it?? Is
> >> this the best approach anyway??
> >
> > I guess the best approach would be to consider using Port Knock
> > http://www.portknocking.org/
>
> Why would you consider that the best approach?
>
> Port knocking is an additional password specified through a non-standard
> mechanism, plus the added "security" of doing strange IP related things.
>
> You gain *exactly* as much protection by providing yourself a CGI script
> where you can enter a password and have the firewall modify your
> firewall dynamically, without the added complexity or debugging of
> having to find out why your IP based "knock" was delivered out of order,
> or any of the other potential issues.
>
> Regards,
>        Daniel
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
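
The doorman decision logic discussed in this thread, including the out-of-order knock case raised in the quoted reply, as an added example that is not part of either post and not code from portknocking.org. The policy table, addresses, port numbers, timeouts and the `Doorman` class are assumptions made for illustration; it only tracks state and does not touch a firewall.

```python
from dataclasses import dataclass, field

# Constructed policy ("internal database"): client IP -> (knock sequence, service port)
POLICY = {"203.0.113.7": ((7000, 8000, 9000), 22)}
KNOCK_WINDOW = 10.0   # assumed: seconds allowed to complete the sequence
SESSION_TTL = 30.0    # assumed: seconds the service stays open for that client

@dataclass
class Doorman:
    progress: dict = field(default_factory=dict)    # ip -> (next index, first-knock time)
    open_until: dict = field(default_factory=dict)  # (ip, service port) -> expiry time

    def knock(self, ts, ip, port):
        """Feed one observed connection attempt against a closed port."""
        if ip not in POLICY:
            return                       # unknown clients never make progress
        seq, service = POLICY[ip]
        idx, start = self.progress.get(ip, (0, ts))
        if idx == 0 or ts - start > KNOCK_WINDOW:
            idx, start = 0, ts           # fresh attempt, or the old one timed out
        if port == seq[idx]:
            idx += 1
        elif port == seq[0]:
            idx, start = 1, ts           # wrong port, but a valid first knock
        else:
            idx = 0                      # wrong or reordered knock resets progress
        if idx == len(seq):
            # Open only the service this client is entitled to, for a limited time.
            self.open_until[(ip, service)] = ts + SESSION_TTL
            self.progress.pop(ip, None)
        else:
            self.progress[ip] = (idx, start)

    def allowed(self, ts, ip, port):
        return self.open_until.get((ip, port), 0.0) > ts

def replay(events):
    """Run constructed (timestamp, source IP, destination port) events through a doorman."""
    d = Doorman()
    for ts, ip, port in events:
        d.knock(ts, ip, port)
    return d

# Constructed samples: same three knocks, delivered in order and reordered in transit.
IN_ORDER = [(0.0, "203.0.113.7", 7000), (1.0, "203.0.113.7", 8000), (2.0, "203.0.113.7", 9000)]
REORDERED = [(0.0, "203.0.113.7", 7000), (1.0, "203.0.113.7", 9000), (2.0, "203.0.113.7", 8000)]
```
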