Cyberduck Mountain Duck CLI

Opened on Jan 11, 2007 at 10:37:45 PM

Closed on May 18, 2007 at 9:50:47 PM

#990 closed enhancement (wontfix)

add GUI for basic port knocking

Reported by: andrewz Owned by: dkocher
Priority: normal Milestone:
Component: core Version: 2.7.1
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

Please add support for basic (empty TCP/UDP packets to certain ports) port knocking, which is a simple security system often used with SSH. It should be very easy to add support.

Port knocking is good because it's easy (especially compared to keys and other VPN stuff) for users, network administrators, and software developers. Port knocking helps mitigate random dictionary attacks.

Right now our Mac OS X user has to use a script in a terminal, which is not convenient.

Some info here: http://en.wikipedia.org/wiki/Port_knocking http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

Change History (5)

comment:1 Changed on Jan 13, 2007 at 6:32:39 PM by dkocher

  • Resolution set to wontfix
  • Status changed from new to closed

I don't like security through obscurity.

comment:2 Changed on Jan 15, 2007 at 6:31:12 PM by andrewz

  • Resolution wontfix deleted
  • Status changed from closed to reopened

I don't like "security through obscurity" either, but this is different. Port knocking is very similar to passwords (which are very standard in your software already). For example, either can be defeated with a lot of patience. So if you think PK is obscurity, so are passwords. Actually, I found an article on the subject: http://www.portknocking.org/view/about/obscurity

Actual obscurity would be simply changing the SSH daemon port number.

Please reconsider.

comment:3 Changed on Jan 15, 2007 at 7:58:41 PM by dkocher

Is there an client-side opensource implementation in C/Objective-C/Java available?

comment:4 Changed on Jan 15, 2007 at 8:12:31 PM by andrewz

Port knocking client implementation in C under open source license: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

More implementations: http://portknocking.org/view/implementations

comment:5 Changed on May 18, 2007 at 9:50:47 PM by dkocher

  • Resolution set to wontfix
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.