add GUI for basic port knocking

[andrewz]

Please add support for basic (empty TCP/UDP packets to certain ports) port knocking, which is a simple security system often used with SSH. It should be very easy to add support.

Port knocking is good because it's easy (especially compared to keys and other VPN stuff) for users, network administrators, and software developers. Port knocking helps mitigate random dictionary attacks.

Right now our Mac OS X user has to use a script in a terminal, which is not convenient.

Some info here: ​http://en.wikipedia.org/wiki/Port_knocking ​http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

[dkocher]

I don't like security through obscurity.

[andrewz]

I don't like "security through obscurity" either, but this is different. Port knocking is very similar to passwords (which are very standard in your software already). For example, either can be defeated with a lot of patience. So if you think PK is obscurity, so are passwords. Actually, I found an article on the subject: ​http://www.portknocking.org/view/about/obscurity

Actual obscurity would be simply changing the SSH daemon port number.

Please reconsider.

[dkocher]

Is there an client-side opensource implementation in C/Objective-C/Java available?

[andrewz]

Port knocking client implementation in C under open source license: ​http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

More implementations: ​http://portknocking.org/view/implementations