The Doorman - Putting this portknocking silliness to rest

Decius
Topic: Computer Security 3:44 pm EDT, Aug  1, 2004

This morning there was a post on Slashdot about two *blackhat* talks about pointless twists on the PortKnocking concept, in which one of the authors confuses the concept of a one time password and a one time pad. Man, it doesn't take much to be considered a computer security expert these days.

Between a flashy website, articles in all the major admin journals, Blackhat talks, and endorsement from Bruce Schneier, it's quite clear that this is one meme that has gone too far. It occurred to me that I could write a single-packet stealth authenticator with better security and more flexibility than most port knocker implementations in a single afternoon, so I did a Google search, and fortunately somebody already did it.

] This particular implementation deviates a bit from his
] original proposal, in that the doorman watches for only a
] single UDP packet. To get the doorman to open up, the
] packet must contain an MD5 hash which correctly hashes a
] shared secret, salted with the client's IP address and
] the (correctly rounded) time-of-day.

No replay, no multi-port silliness, no problems with route flaps fucking up your authentication, lots of features. Straight up protection from port scanners without all of the lunacy. If you think portknocking is "cool" this is what you are looking for. You can stop writing presentations for hacker cons. It's over.
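The single-packet scheme the quoted passage describes, worked through as an added example (this is not the Doorman project's own code): the client sends one token that is the MD5 of the shared secret salted with its own IP address and the rounded time-of-day, and the server recomputes the token for the packet's source address and checks it. The Doorman page only says "correctly rounded", so the 60-second window, the field order and separator, the acceptance of one window either side for clock skew, and the seen-token set that refuses a duplicate packet inside its window are all assumptions made here; the secret, addresses and timestamps are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

# Assumed rounding granularity; the Doorman text only says "correctly rounded".
WINDOW_SECONDS = 60


def rounded_time(now: float, window: int = WINDOW_SECONDS) -> int:
    """Round a Unix timestamp down to the start of its window (assumed rule)."""
    secs = int(now)
    return secs - (secs % window)


def make_token(secret: bytes, client_ip: str, now: float,
               window: int = WINDOW_SECONDS) -> str:
    """Client side: MD5 over the shared secret, salted with the client's IP
    address and the rounded time-of-day, as the Doorman description states.
    The '|' separator and field order are assumptions, not taken from the page."""
    ip = ipaddress.ip_address(client_ip)  # validates and normalises the address
    msg = b"|".join([secret, str(ip).encode(), str(rounded_time(now, window)).encode()])
    return hashlib.md5(msg).hexdigest()  # 32 hex chars: the UDP payload


class Doorman:
    """Server-side verifier for the single-packet token.

    Accepts the current window plus `skew_windows` either side so a slightly
    wrong clock still works, and remembers accepted tokens for as long as they
    would validate, so the same packet cannot be presented twice (assumed
    refinement; the page just says "no replay")."""

    def __init__(self, secret: bytes, window: int = WINDOW_SECONDS,
                 skew_windows: int = 1):
        self.secret = secret
        self.window = window
        self.skew_windows = skew_windows
        self._seen: dict[str, int] = {}  # token -> window start it was issued for

    def _expire(self, now: float) -> None:
        """Drop remembered tokens whose window can no longer be accepted."""
        cutoff = rounded_time(now, self.window) - self.skew_windows * self.window
        self._seen = {tok: w for tok, w in self._seen.items() if w >= cutoff}

    def check(self, token: str, source_ip: str, now: float) -> bool:
        """Return True if `token`, received from `source_ip` at `now`, is valid.
        The address is taken from the packet's source, not from the payload,
        which is what binds the token to the sender."""
        self._expire(now)
        if token in self._seen:
            return False  # already accepted once inside its window: refuse
        base = rounded_time(now, self.window)
        for k in range(-self.skew_windows, self.skew_windows + 1):
            candidate = base + k * self.window
            expected = make_token(self.secret, source_ip, candidate, self.window)
            # constant-time compare so timing does not leak how close a guess was
            if hmac.compare_digest(expected.encode(), token.encode()):
                self._seen[token] = candidate
                return True
        return False


def demo() -> dict:
    """Constructed walk-through: one good packet, its replay, a wrong source
    address, a packet arriving one window late, and a stale one."""
    secret = b"constructed-shared-secret"  # constructed sample value
    client, other = "192.0.2.10", "192.0.2.11"  # documentation-range addresses
    t0 = 1_700_000_000.0  # constructed timestamp
    server = Doorman(secret)
    token = make_token(secret, client, t0)
    results = {
        "valid": server.check(token, client, t0 + 5),
        "replay": server.check(token, client, t0 + 5),
        "wrong_ip": Doorman(secret).check(token, other, t0 + 5),
        "next_window_skew": Doorman(secret).check(token, client, t0 + 40),
        "stale": Doorman(secret).check(make_token(secret, client, t0 - 200), client, t0 + 40),
    }
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} accepted={ok}")
```

Because the token is recomputed from the packet's source address, a copy of it sent from another host fails, and the time salt bounds how long any copy stays valid; the seen set closes the remaining gap inside that window. The digest is MD5 because that is what the quoted description specifies; a design written today would use an HMAC over a SHA-2 hash for the same construction.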
