Tip of the Trade: Knockd
Port-knocking has long been kicked around as a nearly fool-proof tactic for keeping intruders out of the network while still letting legitimate connections in. It works like this: the "secret knock" daemon listens on a network interface for a specific sequence of "knocks," or port hits. The client "knocks" by sending TCP or UDP packets to certain ports on the server. You don't need to leave any ports open for this to work, because the daemon captures packets at the link layer (knockd does this through libpcap) instead of accepting connections on a socket; the knocks are normally SYNs to closed ports, and the kernel's RST reply is irrelevant to the daemon. When the daemon sees the correct sequence of port hits from one source address within its timeout, it runs a configured command, typically an iptables rule that opens the protected port to that client's address. The caveat worth stating up front: a static knock sequence is a shared secret sent in the clear, so anyone who can sniff one successful knock can replay it. Knocking hides a service from scanners; it does not replace authentication on the service itself.
Thus, to all outward appearances the server has no open ports, except to clients that know the correct "shave-and-a-haircut" knock.
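The sequence matching described above, as an added example rather than knockd's own source: a small Python simulation that reads a knockd.conf-style section (the `sequence`, `seq_timeout`, `command` and `%IP%` conventions are knockd's; the file text, addresses and timestamps below are constructed for the demo) and feeds it a list of port hits. It shows the three things a knock daemon has to get right: hits must arrive in order, within the timeout, and only the knocking client's address gets the rule. The last group of hits also shows the weak spot from the paragraph above: an observer who captured the first client's knock replays it and is granted the same rule.

```python
"""Simulate knockd-style knock sequence matching.

Added example, not knockd's own code.  Assumption: the config keys
(sequence, seq_timeout, command, %IP%) follow knockd.conf conventions;
everything else here is constructed for illustration.
"""
import configparser
from dataclasses import dataclass

# Constructed knockd.conf-style text (assumption: knockd's [section] / key = value
# syntax, with %IP% replaced by the knocking client's address at run time).
KNOCKD_CONF = """
[options]
logfile = /var/log/knockd.log

[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
"""


@dataclass
class Door:
    name: str
    sequence: list
    seq_timeout: float
    command: str


def parse_doors(conf_text):
    """Read every non-[options] section as a knock 'door'."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %IP% literal
    cp.read_string(conf_text)
    doors = []
    for name in cp.sections():
        if name == "options":
            continue
        sec = cp[name]
        doors.append(Door(
            name=name,
            sequence=[int(p) for p in sec["sequence"].split(",")],
            seq_timeout=float(sec.get("seq_timeout", "5")),
            command=sec["command"],
        ))
    return doors


@dataclass
class Attempt:
    stage: int      # how many ports of the sequence have been hit, in order
    started: float  # timestamp of the first hit of this attempt


class KnockDaemon:
    """Tracks each source address's progress through each door's sequence."""

    def __init__(self, doors):
        self.doors = doors
        self.attempts = {}  # (door name, src ip) -> Attempt
        self.fired = []     # commands that would have been executed

    def hit(self, ts, src_ip, dport, proto="tcp"):
        """Feed one port hit (one SYN, in tcpflags = syn terms).

        Returns the command if this hit completed a sequence, else None.
        """
        for door in self.doors:
            if proto != "tcp" or dport not in door.sequence:
                continue  # the capture filter only watches the door's own ports
            key = (door.name, src_ip)
            att = self.attempts.get(key)
            if att and ts - att.started > door.seq_timeout:
                att = None  # too slow: the attempt expires
            if att and dport == door.sequence[att.stage]:
                att.stage += 1  # next expected port: advance
            elif dport == door.sequence[0]:
                att = Attempt(stage=1, started=ts)  # (re)start from port one
            else:
                att = None  # wrong port: the attempt is discarded
            if att and att.stage == len(door.sequence):
                cmd = door.command.replace("%IP%", src_ip)
                self.fired.append(cmd)
                self.attempts.pop(key, None)
                return cmd
            if att is None:
                self.attempts.pop(key, None)
            else:
                self.attempts[key] = att
        return None


# Constructed port hits: (timestamp in seconds, source IP, destination port).
SAMPLE_HITS = [
    (0.0, "10.0.0.5", 7000), (1.0, "10.0.0.5", 8000), (2.0, "10.0.0.5", 9000),      # correct knock
    (0.0, "10.0.0.6", 7000), (1.0, "10.0.0.6", 8000), (7.0, "10.0.0.6", 9000),      # last hit after timeout
    (3.0, "10.0.0.7", 7000), (3.5, "10.0.0.7", 9000), (4.0, "10.0.0.7", 8000),      # wrong order
    (20.0, "192.0.2.9", 7000), (21.0, "192.0.2.9", 8000), (22.0, "192.0.2.9", 9000),  # sniffed and replayed
]


def run(hits=SAMPLE_HITS, conf=KNOCKD_CONF):
    """Replay the hits through the daemon and return the commands it fired."""
    daemon = KnockDaemon(parse_doors(conf))
    for ts, src, port in hits:
        daemon.hit(ts, src, port)
    return daemon.fired


if __name__ == "__main__":
    for cmd in run():
        print(cmd)
```

Only two of the four sources get a rule: the first client and the observer who replayed its knock. The slow and out-of-order attempts never fire, which is the behaviour you rely on against scanners, and the replay is exactly why the opened port should still sit behind real authentication.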
Although the concept is attractive, implementation has been difficult, requiring some rather complex scripting and iptables hacks. Complexity is the enemy of security, and while accidentally locking yourself out of your own servers can be considered the ultimate security measure, it has obvious downsides.