
port knocker client


rox

Sep 7, 2007, 8:17:42 PM
Hi, I'm looking for a port knocking client for OS X 10.4x.

I already know about Darwinports and fwknop but I am looking for a
client to knock for access using a traditional port knocker like Knock
for windows (if anyone has heard of that). Thanks

Tom Stiller

Sep 7, 2007, 8:42:59 PM
In article <1189210662.3...@57g2000hsv.googlegroups.com>,
rox <roxge...@gmail.com> wrote:

Never heard of it. What's it do?

--
Tom Stiller

PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3 7BDA 71ED 6496 99C0 C7CF

rox

Sep 7, 2007, 9:27:01 PM

> Never heard of it. What's it do?
>
> --
> Tom Stiller


A port knocker client communicates with a daemon on a server which is
listening for a specific knock sequence. So if it's an ssh server on a
secured network, you can knock from anywhere. It is just another level
of authentication. I need it to get into my work server. I have a
knock client for Windows which is fine, but I can't find one for the
Mac, Mac OS X or FreeBSD.

From Wikipedia:

The port "knock" itself is similar to a secret handshake and can
consist of any number of TCP, UDP or even sometimes ICMP and other
protocol packets to numbered ports on the destination machine. The
complexity of the knock can be anything from a simple ordered list
(e.g. TCP port 1000, TCP port 2000, UDP port 3000) to a complex time-
dependent, source-IP-based and other-factor-based encrypted hash.
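
An added illustration, written for this thread rather than taken from any poster or from any existing knock daemon, of the server-side logic rox describes: the daemon watches packets arriving at closed ports, tracks each source's progress through an ordered (protocol, port) sequence, resets on a wrong knock, expires partial sequences after a time window, and only then "opens" the protected port for that source for a limited time. The sequence, the window and open durations, the address names, and the packet log are all constructed assumptions; the `opened_until` table stands in for the firewall rule a real daemon would insert.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed knock sequence in the "simple ordered list" form from the
# Wikipedia quote; a deployed daemon would use a secret of its own.
KNOCK_SEQUENCE: List[Tuple[str, int]] = [("tcp", 1000), ("tcp", 2000), ("udp", 3000)]
KNOCK_WINDOW_SECONDS = 10.0    # assumption: whole sequence must arrive within 10 s
OPEN_DURATION_SECONDS = 30.0   # assumption: protected port stays open 30 s per source
PROTECTED_PORT = 22            # the SSH port the knock guards


@dataclass
class KnockState:
    """Per-source progress through the sequence."""
    progress: int = 0          # number of knocks matched so far
    started_at: float = 0.0    # timestamp of the first matched knock


class KnockDaemon:
    def __init__(self, sequence, window: float, open_for: float) -> None:
        self.sequence = list(sequence)
        self.window = window
        self.open_for = open_for
        self.states: Dict[str, KnockState] = {}
        self.opened_until: Dict[str, float] = {}   # stands in for a firewall rule

    def is_open(self, src: str, now: float) -> bool:
        """True while the protected port is open for this source address."""
        until = self.opened_until.get(src)
        return until is not None and now < until

    def observe(self, src: str, proto: str, port: int, now: float) -> bool:
        """Feed one packet that hit a closed port. Returns True when the
        sequence completes and the port is opened for `src`."""
        state = self.states.get(src, KnockState())
        # A partial sequence older than the window is discarded.
        if state.progress > 0 and now - state.started_at > self.window:
            state = KnockState()
        expected = self.sequence[state.progress]
        if (proto, port) == expected:
            if state.progress == 0:
                state.started_at = now
            state.progress += 1
            if state.progress == len(self.sequence):
                self.states.pop(src, None)
                self.opened_until[src] = now + self.open_for
                return True
            self.states[src] = state
            return False
        # Wrong knock: forget the partial sequence. If the stray packet happens
        # to be the first knock, treat it as a fresh start.
        if (proto, port) == self.sequence[0]:
            self.states[src] = KnockState(progress=1, started_at=now)
        else:
            self.states.pop(src, None)
        return False


# Constructed packet log: (source address, protocol, port, timestamp).
PACKETS = [
    ("203.0.113.7", "tcp", 1000, 100.0),
    ("203.0.113.7", "tcp", 2000, 100.4),
    ("203.0.113.7", "udp", 3000, 100.9),   # correct sequence: port opens for this source
    ("198.51.100.9", "tcp", 1000, 101.0),
    ("198.51.100.9", "tcp", 3000, 101.2),  # wrong second knock: progress reset
    ("198.51.100.9", "udp", 3000, 101.5),  # not a valid first knock either
    ("192.0.2.50", "tcp", 1000, 200.0),
    ("192.0.2.50", "tcp", 2000, 215.0),    # 15 s later: window expired, no credit
]


def replay(daemon: KnockDaemon, packets) -> List[Tuple[str, float]]:
    """Run a packet log through the daemon; return (source, time) of each open."""
    opened = []
    for src, proto, port, ts in packets:
        if daemon.observe(src, proto, port, ts):
            opened.append((src, ts))
    return opened


if __name__ == "__main__":
    d = KnockDaemon(KNOCK_SEQUENCE, KNOCK_WINDOW_SECONDS, OPEN_DURATION_SECONDS)
    for src, ts in replay(d, PACKETS):
        print(f"port {PROTECTED_PORT} opened for {src} at t={ts}")
```

The knock only decides whether the firewall rule appears; as Wayne Morris notes further down the thread, the client still has to pass SSH's own authentication once the port is open, which is the layer that actually controls who gets in.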


Tom Stiller

Sep 7, 2007, 10:19:27 PM
In article <1189214821....@r34g2000hsd.googlegroups.com>,
rox <roxge...@gmail.com> wrote:

> > Never heard of it. What's it do?
> >
>

So it's a form of security by obscurity?
I prefer Public Key Authentication of the SSH connection. You can still
connect from anywhere, but the server retains control (via custody of
the public keys) over *who* can connect.

Wayne Dernoncourt

Sep 7, 2007, 11:15:42 PM
On Fri, 7 Sep 2007 22:19:27 -0400, Tom Stiller wrote
(in article <tomstiller-2315A...@comcast.dca.giganews.com>):

Not really (security by obscurity). If a system is perfectly secured, you
will get no response from any port a potential intruder tries to use. The
analogy that was being used to develop it was similar to the old movie
where someone would knock on a door, a little window would open up
and the guy outside the door would say "Joe sent me" to be let in. There
was a podcast that talked a little about this. You can listen to more at
http://www.grc.com/SecurityNow.htm; it's episode 80, question 12. They
have a transcript as well (the Internet Explorer symbol) and straight text
as well as the mp3 file.

Wayne C. Morris

Sep 8, 2007, 2:37:59 AM
In article <tomstiller-2315A...@comcast.dca.giganews.com>,
Tom Stiller <tomst...@comcast.net> wrote:

> In article <1189214821....@r34g2000hsd.googlegroups.com>,
> rox <roxge...@gmail.com> wrote:
>
> > > Never heard of it. What's it do?
> > >
> >
> > A port knocker client communicates with a daemon on a server which is
> > listening for a specific knock sequence. So if it's an ssh server on a
> > secured network, you can knock from anywhere. It is just another level
> > of authentication. I need it to get into my work server. I have a
> > knock client for Windows which is fine, but I can't find one for the
> > Mac, Mac OS X or FreeBSD.
> >
> > From Wikipedia:
> >
> > The port "knock" itself is similar to a secret handshake and can
> > consist of any number of TCP, UDP or even sometimes ICMP and other
> > protocol packets to numbered ports on the destination machine. The
> > complexity of the knock can be anything from a simple ordered list
> > (e.g. TCP port 1000, TCP port 2000, UDP port 3000) to a complex time-
> > dependent, source-IP-based and other-factor-based encrypted hash.
>
> So it's a form of security by obscurity?

To a large extent, yes. But as he said, it's *another layer* of
security -- it's not intended to be the only security protecting the
server.

> I prefer Public Key Authentication of the SSH connection. You can still
> connect from anywhere, but the server retains control (via custody of
> the public keys) over *who* can connect.

And you can combine that with port knocking. If a client sends the
right knock sequence, the SSH port will be opened for him, but then he's
faced with trying to pass the SSH authentication.

Michael Newbery

Sep 10, 2007, 12:09:51 AM

Is it one of these?

http://www.portknocking.org/view/implementations

If it is a Windows specific implementation you may be out of luck.
