I don't agree with you. See this: http://portknocking.org/view/details

Port knocking can be made even more secure by using the 'recent' match and the TARPIT target. If you send any packet to a port of my server that it is not listening on (other than the secret port), you will have to stay quiet for 5 minutes before you can send another try. Now, if there are 3 sequential ports to get into my server using the port knocking technique, how easy will it be if you fail to provide the sequence correctly? You will have just one chance to provide the sequence every five minutes. This can be made even harder by having a sequence of 5 or more ports, or by using the TARPIT target.

At the end, if you really can get port 22 open, I will suggest you spend one night in Las Vegas and share the winnings with us in the morning! :p

Mohammad

Original Message:
-----------------
From: Andrew Schulman andrex@xxxxxxxxxxxxxxxxx
Date: Thu, 19 May 2005 11:01:24 -0400
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: SSH Brute force attacks

> How about this:
>
> 1. You will keep one random high port to accept new connections, say 32456.
> Your box won't listen on that port though.
> 2. If there is a request on that port, using the recent match, you will
> accept new connections on a different high port for 1 minute, say port
> 34521.
> 3. You will send a new connection request on 34521; again using the recent match
> you will open port 22 to accept new connections for 1-3 minutes.
> 4. You will log into your box!!

Port knocking is the same as a plaintext password.

http://software.newsforge.com/software/04/08/02/1954253.shtml
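The three-knock scheme with a five-minute lockout that Mohammad describes above, written out as iptables rules. This is an added example, not rules posted by either participant. The first two knock ports (32456, 34521) are the ones from the quoted proposal; the third knock port, the 10-second window between knocks, the 60-second window in which port 22 accepts a new connection, the 300-second lockout and the choice between DROP and TARPIT are assumptions made for the example.

```sh
#!/bin/sh
# Added example: three-port knock sequence with the 'recent' match and a
# five-minute lockout for any host that sends a stray TCP packet.
# Not the original poster's rules. Requires root and the xt_recent module.
# Run "sh knock.sh apply" to load the rules; without "apply" it only prints
# them (IPT=echo), which is also how the rules can be reviewed safely.

IPT="${IPT:-iptables}"
K1=32456        # first knock port (from the quoted proposal)
K2=34521        # second knock port (from the quoted proposal)
K3=40987        # third knock port (assumed)
SSH_PORT=22
STEP_WINDOW=10  # seconds allowed between consecutive knocks (assumed)
OPEN_WINDOW=60  # seconds port 22 stays open after a correct sequence (assumed)
LOCKOUT=300     # seconds a host must stay quiet after a stray packet
# TARPIT (from xtables-addons) can replace DROP here to hold the attacker's
# TCP connections open instead of silently dropping them: PUNISH=TARPIT
PUNISH="${PUNISH:-DROP}"

knock_rules() {
    # Traffic we never touch: loopback and packets of existing connections,
    # so an SSH session that is already open survives the rules below.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Lockout check first. A host seen in LOCKOUT within the last 5 minutes
    # gets nothing, and --update refreshes its timestamp on every packet,
    # so it really has to stay quiet for the whole period before retrying.
    $IPT -A INPUT -p tcp -m conntrack --ctstate NEW \
        -m recent --name LOCKOUT --update --seconds "$LOCKOUT" -j "$PUNISH"

    # Knock stages, listed last-to-first so a packet is tested against the
    # most advanced stage before the earlier ones. Every knock is dropped;
    # its only effect is moving the source address to the next 'recent' list.
    $IPT -A INPUT -p tcp --dport "$K3" -m conntrack --ctstate NEW \
        -m recent --name STAGE2 --rcheck --seconds "$STEP_WINDOW" \
        -m recent --name OPEN --set -j DROP
    $IPT -A INPUT -p tcp --dport "$K2" -m conntrack --ctstate NEW \
        -m recent --name STAGE1 --rcheck --seconds "$STEP_WINDOW" \
        -m recent --name STAGE2 --set -j DROP
    $IPT -A INPUT -p tcp --dport "$K1" -m conntrack --ctstate NEW \
        -m recent --name STAGE1 --set -j DROP

    # Only a source that completed the sequence recently may open SSH.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name OPEN --rcheck --seconds "$OPEN_WINDOW" -j ACCEPT

    # Anything else new over TCP (a wrong knock, an out-of-order knock, a
    # port scan, or SSH after the window closed): record the source in
    # LOCKOUT and punish it. One wrong packet costs the full five minutes.
    $IPT -A INPUT -p tcp -m conntrack --ctstate NEW \
        -m recent --name LOCKOUT --set -j "$PUNISH"
}

if [ "${1:-}" = "apply" ]; then
    knock_rules           # loads the rules with the real iptables binary
else
    IPT=echo knock_rules  # dry run: print the rules instead of loading them
fi
```

Two things worth checking after loading: the entries the kernel keeps per list are visible under /proc/net/xt_recent/ (STAGE1, STAGE2, OPEN, LOCKOUT), which is the quickest way to see why a knock did not work; and the rules only cover TCP, so the INPUT chain policy still has to be DROP for anything else (UDP, ICMP) to get the behaviour described in the message. Because the 'recent' match keys on source address, the whole sequence is per source IP, which is also why a single wrong packet from a shared NAT address locks out everyone behind it.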