[Melbourne-pm] Knockd for Web

Scott Penrose scottp at dd.com.au
Tue Jun 2 21:26:27 PDT 2009


Hi Toby,

We are getting off topic here, but ...

----- "Toby Corkindale" <toby.corkindale at strategicdata.com.au> wrote:
> So...
> How does the port knocking /stop/ such attackers? I mean, you seem to
> be 
> assuming that your attackers can bypass your existing authentication 
> mechanisms on ssh. If they can do that, then surely they will find it
> absolutely trivial to capture a few packets indicating which ports to
> knock upon too?
> 
> I can't help but feel that your time would be more effectively spent
> in 
> other ways to increase your security - eg. Auditing your CGI scripts,
> keeping track of new exploits, carrying hardcopies of server cert 
> fingerprints, automated warnings about suspicious activity, seLinux, 
> appArmour, honeypots, tripwires, and god knows what else that more 
> paranoid people than I can recommend.. and only worrying about your 
> security-through-obscurity once you've exhausted the mountain of 
> security-through-security methods available ;)

I am only replying to this one to say that I won't even try to explain. I was asking here a perl CGI question, in case someone new an answer. This is not really the place to describe security.

All I can tell you is - look it up on the net. You will find hundreds of articles, from experts, explaining why knockd adds security/convenience/(add your reason here). You can even find articles that say it does not add anything. You are welcome to then decide why it does or does not add your desired feature. My request and email was not IF I should do something, or asking for a debate on security, but just a question in case someone already had written a CGI equivelent. No one has answered my question so I will assume no one has heard of one.

But for me to try and tell here you would be a waste because: a) There is heaps of articles on the net about it already; b) I am not as expert as they are.

Sometimes I think we need a way to change topics better on email threads. E.g. we are now having conversations on the security (or not) of adding knockd - which was not my request, and the thread gets very confused :-)

Thanks for all your time though, I appreciate the efforts.

Scott
-- 
http://scott.dd.com.au/
scottp at dd.com.au




More information about the Melbourne-pm mailing list