RE: Port Knocking

by Decius at 10:19 pm EST, Feb 5, 2004

inignoct wrote:
] [ i'm nothing like a security professional, but i seem to
] recall that there are a few people on this site who are ;)
] Thoughts?

While a creative idea, a 4 port "knock" across 256 ports is the equivalent of a 4 character password sent in the clear, and you could probably brute force it more quickly than a telnet login because there is no timeout wait between trials.

The "security" of this is based on the idea that no one knows you are doing it. Anyone targeting you would figure it out quickly, discover your key, and own you.

Even if you used a one time password scheme like S/KEY with this, I could wait for you to attempt to log in, get three of the ports, then DoS attack you and then replay the sequence 256 times until I get the fourth port.

Accepting SSH connections to your machine and simply tunneling through it would be more secure because your password sequence wouldn't go in the clear. That also happens to be the standard remote VPN solution for Linux firewalls.

Have a nice day. :)
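
An added example, not part of the original post: a small Python model for evaluating a knock design against the points raised above (size of the secret, replay of an observed sequence, and what remains unknown once part of a one-time sequence has been seen). The class and function names, the use of SHA-256, and the shared seed-and-counter simplification of S/KEY are assumptions of this sketch.

```python
import hashlib

PORTS, KNOCKS = 256, 4          # the 4-knock, 256-port scheme from the post

def keyspace(ports=PORTS, knocks=KNOCKS):
    """Distinct knock sequences: 256**4 == 2**32, a 4-byte secret."""
    return ports ** knocks

def chain(seed: bytes, n: int) -> bytes:
    """S/KEY-style hash chain; SHA-256 is an assumption of this sketch."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

def knock_from(value: bytes) -> tuple:
    """Use the first KNOCKS bytes of a chain value as port offsets."""
    return tuple(value[:KNOCKS])

class StaticListener:
    """Fixed sequence: whatever is seen on the wire once works again."""
    def __init__(self, sequence):
        self.sequence = tuple(sequence)

    def accept(self, sequence) -> bool:
        return tuple(sequence) == self.sequence

class OneTimeListener:
    """Simplified one-time scheme: both sides share seed and counter."""
    def __init__(self, seed: bytes, count: int):
        self.seed, self.count = seed, count

    def accept(self, sequence) -> bool:
        expected = knock_from(chain(self.seed, self.count))
        if self.count > 0 and tuple(sequence) == expected:
            self.count -= 1     # a completed sequence is never valid twice
            return True
        return False

def remaining_candidates(observed) -> int:
    """Sequences still consistent with a partly observed, unconsumed knock."""
    return PORTS ** (KNOCKS - len(observed))

if __name__ == "__main__":
    seed = b"constructed-demo-seed"                 # constructed sample value
    seq = knock_from(chain(seed, 5))
    otp = OneTimeListener(seed, 5)
    print(keyspace(), otp.accept(seq), otp.accept(seq), remaining_candidates(seq[:3]))
```

The one-time listener rejects a replayed complete sequence, but a sequence that never completed still leaves only 256 candidates for its last knock, which is why the design needs rate limiting or an encrypted channel rather than a longer hash chain.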
