#990 closed enhancement (wontfix)
add GUI for basic port knocking
| Reported by: | andrewz | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | core | Version: | 2.7.1 |
| Severity: | normal | Keywords: | |
| Cc: | | Architecture: | |
| Platform: | | | |
Description
Please add support for basic (empty TCP/UDP packets to certain ports) port knocking, which is a simple security system often used with SSH. It should be very easy to add support.
Port knocking is good because it's easy (especially compared to keys and other VPN stuff) for users, network administrators, and software developers. Port knocking helps mitigate random dictionary attacks.
Right now our Mac OS X user has to use a script in a terminal, which is not convenient.
Some info here: http://en.wikipedia.org/wiki/Port_knocking http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
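The basic knocking described in this request, as an added example that is not from the ticket, Cyberduck, or the knock project: a client that sends empty UDP datagrams (or TCP connection attempts) to a port sequence, and the server-side check that admits a source only after it hits the ports in order within a time window. The names `knock`, `KnockTracker` and `replay`, the port numbers, the addresses and the 10-second window are assumptions made for illustration.

```python
import socket
import time

def knock(host, ports, proto="udp", delay=0.05):
    """Client side: send one empty knock to each port, in order."""
    for port in ports:
        kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
        with socket.socket(socket.AF_INET, kind) as s:
            if proto == "udp":
                s.sendto(b"", (host, port))    # zero-length datagram
            else:
                s.settimeout(0.5)
                s.connect_ex((host, port))     # the SYN is the knock; a refusal is expected
        time.sleep(delay)                      # pause so knocks arrive in order

class KnockTracker:
    """Server side: per-source progress through the port sequence."""
    def __init__(self, sequence, window=10.0): # window in seconds (assumed value)
        self.sequence = list(sequence)
        self.window = window
        self.state = {}                        # src -> (next index, time of first knock)

    def observe(self, src, port, now):
        """Record one knock; return True when src completes the sequence."""
        idx, start = self.state.get(src, (0, now))
        if idx == 0 or now - start > self.window:
            idx, start = 0, now                # fresh attempt or expired window
        if port == self.sequence[idx]:
            idx += 1
        elif port == self.sequence[0]:
            idx, start = 1, now                # wrong port that begins a new attempt
        else:
            idx = 0                            # any other port resets progress
        if idx == len(self.sequence):
            self.state.pop(src, None)
            return True
        self.state[src] = (idx, start)
        return False

def replay(sequence, events, window=10.0):
    """Feed (src, port, timestamp) events to a tracker; list sources admitted."""
    tracker = KnockTracker(sequence, window)
    return [src for src, port, ts in events if tracker.observe(src, port, ts)]

# Constructed sample data: sequence and firewall-style events (documentation IPs).
SEQ = [7000, 8000, 9000]
EVENTS = [("192.0.2.10", 7000, 0.0), ("198.51.100.7", 7000, 0.0),
          ("198.51.100.7", 7001, 0.1), ("192.0.2.10", 8000, 1.0),
          ("198.51.100.7", 8000, 0.2), ("192.0.2.10", 9000, 2.0),
          ("192.0.2.20", 7000, 0.0), ("192.0.2.20", 8000, 5.0),
          ("192.0.2.20", 9000, 20.0)]         # last source exceeds the window

if __name__ == "__main__":
    print(replay(SEQ, EVENTS))
```

In the sample events only the first source completes the sequence: the second touches an extra port mid-sequence, as a sequential scan would, and the third takes longer than the window.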
Change History (5)
comment:1 Changed on Jan 13, 2007 at 6:32:39 PM by dkocher
- Resolution set to wontfix
- Status changed from new to closed
comment:2 Changed on Jan 15, 2007 at 6:31:12 PM by andrewz
- Resolution wontfix deleted
- Status changed from closed to reopened
I don't like "security through obscurity" either, but this is different. Port knocking is very similar to passwords (which are very standard in your software already). For example, either can be defeated with a lot of patience. So if you think PK is obscurity, so are passwords. Actually, I found an article on the subject: http://www.portknocking.org/view/about/obscurity
Actual obscurity would be simply changing the SSH daemon port number.
Please reconsider.
comment:3 Changed on Jan 15, 2007 at 7:58:41 PM by dkocher
Is there a client-side open-source implementation in C/Objective-C/Java available?
comment:4 Changed on Jan 15, 2007 at 8:12:31 PM by andrewz
Port knocking client implementation in C under open source license: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
More implementations: http://portknocking.org/view/implementations
comment:5 Changed on May 18, 2007 at 9:50:47 PM by dkocher
- Resolution set to wontfix
- Status changed from reopened to closed
I don't like security through obscurity.