Port Knocking

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Apr 1, 2009.

  1. I'm not a fan of this sort of thing--seems too prone to replay attacks.

    <http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>
     
    Lawrence D'Oliveiro, Apr 1, 2009
    #1

  2. On Wed, 01 Apr 2009 23:21:38 +1300, Lawrence D'Oliveiro
    <_zealand> wrote:

    >I'm not a fan of this sort of thing--seems too prone to replay attacks.
    >
    ><http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>


    Much safer to just set up OpenVPN and keep the right certificates on
    your laptop. Access is easy and very secure.

    http://openvpn.net/
     
    Stephen Worthington, Apr 1, 2009
    #2

  3. AD. Guest

    On Apr 1, 11:21 pm, Lawrence D'Oliveiro <l...@geek-central.gen.new_zealand> wrote:
    > I'm not a fan of this sort of thing--seems too prone to replay attacks.
    >
    > <http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewal...>


    Well you presumably wouldn't be relying on it for the actual security
    - just an extra sprinkling of obscurity on top to stop the log files
    filling up with failed attempts :)

    Or you could try this approach:

    http://www.cipherdyne.org/fwknop/

    I don't actually use any of this stuff though - too fiddly. I might be
    tempted to try out fwknop if there was an OpenBSD/pf implementation.

    --
    Cheers
    Anton
     
    AD., Apr 1, 2009
    #3
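
The replay concern raised in the first post, next to the kind of authenticated single-packet alternative the fwknop link points toward, as an added example that is not part of the original thread and does not reproduce fwknop's actual packet format. The key, port numbers, skew window and token layout are all constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

KEY = b"constructed-demo-key"         # constructed shared secret, not a real credential
STATIC_SEQUENCE = [7000, 8000, 9000]  # constructed knock ports
MAX_SKEW = 30                         # seconds a token stays acceptable


def static_knock_ok(ports):
    """Classic port knocking: the port sequence itself is the whole secret."""
    return list(ports) == STATIC_SEQUENCE


def make_token(key, now, nonce=None):
    """Client side: 16-byte nonce + 8-byte timestamp + HMAC-SHA256 tag."""
    nonce = os.urandom(16) if nonce is None else nonce
    body = nonce + struct.pack(">Q", int(now))
    return body + hmac.new(key, body, hashlib.sha256).digest()


class TokenVerifier:
    """Server side: verify the MAC, bound the age, remember nonces already used."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp carried by the token

    def verify(self, token, now):
        if len(token) != 16 + 8 + 32:
            return "malformed"
        body, tag = token[:24], token[24:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        nonce, (ts,) = body[:16], struct.unpack(">Q", body[16:])
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget nonces whose tokens would be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "accept"
```

The static check accepts the same observed sequence every time it is presented, while the verifier accepts each token once and only inside the skew window.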
  4. In message <>, Allistar wrote:

    > Out of interest, is a VPN solution like OpenVPN more secure than a well
    > configured OpenSSH server?


    It's not a question of "more" or "less" secure, it's offering different
    functionality. A VPN makes your remote machine look like it's part of the
    local network, with full access to local services (both UDP and TCP). SSH
    gives you some access to local TCP services, but only by explicit
    tunnelling.
     
    Lawrence D'Oliveiro, Apr 1, 2009
    #4
  5. steve Guest

    On Thu, 02 Apr 2009 09:19:31 +1300, Allistar wrote:

    > Stephen Worthington wrote:
    >
    >> On Wed, 01 Apr 2009 23:21:38 +1300, Lawrence D'Oliveiro
    >> <_zealand> wrote:
    >>
    >>>I'm not a fan of this sort of thing--seems too prone to replay attacks.
    >>>
    >>><http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>
    >>
    >> Much safer to just set up OpenVPN and keep the right certificates on
    >> your laptop. Access is easy and very secure.
    >>
    >> http://openvpn.net/

    >
    > Out of interest, is a VPN solution like OpenVPN more secure than a well
    > configured OpenSSH server? By well configured I mean one that is running
    > on a non standard port, only accepts public keys for authentication and
    > only allows specific users to connect.


    If you're using openvpn to connect your pc/network to another, then
    you've created a private tunnel across the internet. If you then use that
    network connection to connect - via ssh - to the remote server, you can
    switch off the internet facing sshd service completely. Script kiddies
    will then have to first tap into the vpn network before hacking your ssh
    connection.

    I'm sure this will become possible without some sort of social networking
    at some time in the future, but at the moment I don't think it is
    possible.

    Steve
     
    steve, Apr 1, 2009
    #5
  6. On Thu, 02 Apr 2009 09:19:31 +1300, Allistar <> wrote:

    >Stephen Worthington wrote:
    >
    >> On Wed, 01 Apr 2009 23:21:38 +1300, Lawrence D'Oliveiro
    >> <_zealand> wrote:
    >>
    >>>I'm not a fan of this sort of thing--seems too prone to replay attacks.
    >>>
    >>><http://www.go2linux.org/how-to-connect-to-your-PC-opening-the-firewall-iptables>

    >>
    >> Much safer to just set up OpenVPN and keep the right certificates on
    >> your laptop. Access is easy and very secure.
    >>
    >> http://openvpn.net/

    >
    >Out of interest, is a VPN solution like OpenVPN more secure than a well
    >configured OpenSSH server? By well configured I mean one that is running on
    >a non standard port, only accepts public keys for authentication and only
    >allows specific users to connect.


    Given your setup is only using proper keys, then it should be as
    secure as OpenVPN as OpenVPN is probably using the same encryption
    library as OpenSSH. OpenVPN by default uses quite big keys. But the
    advantage of having a full VPN connection into your home network is
    the reason for using OpenVPN. For example, I can access the web page
    on my MythTV box to get it to record a TV program, without ever
    exposing that web server to the Internet. And run TightVNC
    connections to various PCs for full control of them.
     
    Stephen Worthington, Apr 2, 2009
    #6
