Velocity Reviews - Computer Hardware Reviews

Port Knocking

 
 
Lawrence D'Oliveiro
      04-01-2009
I'm not a fan of this sort of thing--seems too prone to replay attacks.

<http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>

 
Stephen Worthington
      04-01-2009
On Wed, 01 Apr 2009 23:21:38 +1300, Lawrence D'Oliveiro
<(E-Mail Removed)_zealand> wrote:

>I'm not a fan of this sort of thing--seems too prone to replay attacks.
>
><http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>


Much safer to just set up OpenVPN and keep the right certificates on
your laptop. Access is easy and very secure.

http://openvpn.net/
 
AD.
      04-01-2009
On Apr 1, 11:21 pm, Lawrence D'Oliveiro <l...@geek-central.gen.new_zealand> wrote:
> I'm not a fan of this sort of thing--seems too prone to replay attacks.
>
> <http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewal...>


Well you presumably wouldn't be relying on it for the actual security
- just an extra sprinkling of obscurity on top to stop the log files
filling up with failed attempts.

Or you could try this approach:

http://www.cipherdyne.org/fwknop/

I don't actually use any of this stuff though - too fiddly. I might be
tempted to try out fwknop if there was an OpenBSD/pf implementation.

--
Cheers
Anton
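
A sketch of the replay concern raised in this thread, as an added example that is not part of any post and is not fwknop's actual packet format: a static knock sequence is accepted again whenever the same ports are seen, while a knock carrying a timestamp, a random nonce and an HMAC is accepted only once. The secret, port numbers, 30-second window and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = b"constructed-demo-key"      # constructed shared secret
STATIC_SEQUENCE = [7000, 8000, 9000]  # constructed knock ports
MAX_SKEW = 30                         # seconds a token stays valid


def static_knock_ok(observed_ports):
    """Classic port knock: the port sequence itself is the credential."""
    return observed_ports == STATIC_SEQUENCE


def make_token(secret, now=None):
    """Client side: timestamp + random nonce, authenticated with HMAC-SHA256."""
    ts = int(now if now is not None else time.time())
    body = ts.to_bytes(8, "big") + os.urandom(16)
    return body + hmac.new(secret, body, hashlib.sha256).digest()


class KnockVerifier:
    """Server side: accepts each valid token once, inside the time window."""

    def __init__(self, secret):
        self.secret = secret
        self.seen = {}  # nonce -> timestamp, kept until the window has passed

    def verify(self, token, now=None):
        now = int(now if now is not None else time.time())
        if len(token) != 8 + 16 + 32:
            return "malformed"
        body, tag = token[:24], token[24:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        ts, nonce = int.from_bytes(body[:8], "big"), body[8:]
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget nonces that the time window would reject anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = ts
        return "accepted"
```

The replay cache only has to remember nonces for the length of the time window, because older tokens are already rejected as stale.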
 
Lawrence D'Oliveiro
      04-01-2009
In message <(E-Mail Removed)>, Allistar wrote:

> Out of interest, is a VPN solution like OpenVPN more secure than a well
> configured OpenSSH server?


It's not a question of "more" or "less" secure, it's offering different
functionality. A VPN makes your remote machine look like it's part of the
local network, with full access to local services (both UDP and TCP). SSH
gives you some access to local TCP services, but only by explicit
tunnelling.

 
steve
      04-01-2009
On Thu, 02 Apr 2009 09:19:31 +1300, Allistar wrote:

> Stephen Worthington wrote:
>
>> On Wed, 01 Apr 2009 23:21:38 +1300, Lawrence D'Oliveiro
>> <(E-Mail Removed)_zealand> wrote:
>>
>>>I'm not a fan of this sort of thing--seems too prone to replay attacks.
>>>
>>><http://www.go2linux.org/how-to-conne...C-opening-the-firewall-iptables>
>>
>> Much safer to just set up OpenVPN and keep the right certificates on
>> your laptop. Access is easy and very secure.
>>
>> http://openvpn.net/

>
> Out of interest, is a VPN solution like OpenVPN more secure than a well
> configured OpenSSH server? By well configured I mean one that is running
> on a non standard port, only accepts public keys for authentication and
> only allows specific users to connect.


If you're using openvpn to connect your pc/network to another, then
you've created a private tunnel across the internet. If you then use that
network connection to connect - via ssh - to the remote server, you can
switch off the internet facing sshd service completely. Script kiddies
will then have to first tap into the vpn network before hacking your ssh
connection.

I'm sure this will become possible without some sort of social networking
at some time in the future, but at the moment I don't think it is
possible.

Steve
 
Stephen Worthington
      04-02-2009
On Thu, 02 Apr 2009 09:19:31 +1300, Allistar <(E-Mail Removed)> wrote:

>Stephen Worthington wrote:
>
>> On Wed, 01 Apr 2009 23:21:38 +1300, Lawrence D'Oliveiro
>> <(E-Mail Removed)_zealand> wrote:
>>
>>>I'm not a fan of this sort of thing--seems too prone to replay attacks.
>>>
>>><http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>

>>
>> Much safer to just set up OpenVPN and keep the right certificates on
>> your laptop. Access is easy and very secure.
>>
>> http://openvpn.net/

>
>Out of interest, is a VPN solution like OpenVPN more secure than a well
>configured OpenSSH server? By well configured I mean one that is running on
>a non standard port, only accepts public keys for authentication and only
>allows specific users to connect.


Given your setup is only using proper keys, then it should be as
secure as OpenVPN as OpenVPN is probably using the same encryption
library as OpenSSH. OpenVPN by default uses quite big keys. But the
advantage of having a full VPN connection into your home network is
the reason for using OpenVPN. For example, I can access the web page
on my MythTV box to get it to record a TV program, without ever
exposing that web server to the Internet. And run TightVNC
connections to various PCs for full control of them.
 