[olug] Portknocker (from OLUG mtg/presentation)

Thom Harrison id4spam at cox.net
Thu Jun 3 01:05:38 UTC 2004


Jay,

Good question.  By encoding the client's IP within the knock sequence, you're ensuring that the same sequence of numbers can't be used elsewhere successfully.  For instance, if you'd recorded the sequence of numbers I'd sent at the OLUG meeting and retransmitted them from your home it would only allow the OLUG meeting site to connect.

Basically, the server allows access to the IP encrypted within the sequence, totally disregarding the actual source IP.

Without the IP being encrypted within the sequence, what's to keep the same knock sequence from working at another location?

Using my knockmenu script, I could actually authorize access for an IP other than my own by entering (your home's IP, for instance) as the client IP.  This would allow you to access my knock server.

Thom

Jay Hannah wrote:

>
> Hey, wait a minute...
>
> Why does the client need to figure out its IP?
>
> The daemon just received the knock -- why doesn't it just open up
> connections from whatever IP knocked successfully?
>
> j
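The mechanism Thom describes, as an added example that is not the knockmenu script or his knock server's code: the client encrypts the IP to be authorized into a port sequence, and the daemon recovers that IP from the sequence while ignoring the knocking packets' source address. The pre-shared key, the port range and the HMAC-based encrypt-and-authenticate construction are assumptions of this example.

```python
import hmac
import hashlib
import ipaddress
import os
from typing import List, Optional

# Constructed pre-shared key for this example; the post does not say how the
# knock server and the knockmenu client share their key.
SECRET = b"example-pre-shared-knock-key"
BASE_PORT = 10000  # assumed knock ports: BASE_PORT + byte value (10000..10255)

def _keystream(nonce: bytes) -> bytes:
    # 4-byte keystream derived from the key and a per-knock nonce; hides the IP
    return hmac.new(SECRET, b"ks" + nonce, hashlib.sha256).digest()[:4]

def _tag(nonce: bytes, ct: bytes) -> bytes:
    # 4-byte authenticator over nonce and ciphertext so forged sequences are rejected
    return hmac.new(SECRET, b"tag" + nonce + ct, hashlib.sha256).digest()[:4]

def encode_knock(client_ip: str, nonce: Optional[bytes] = None) -> List[int]:
    """Client side: encrypt the IP to authorize into a 12-port knock sequence."""
    nonce = nonce or os.urandom(4)
    ip_bytes = ipaddress.IPv4Address(client_ip).packed
    ct = bytes(a ^ b for a, b in zip(ip_bytes, _keystream(nonce)))
    payload = nonce + ct + _tag(nonce, ct)
    return [BASE_PORT + b for b in payload]

def decode_knock(ports: List[int], source_ip: str) -> Optional[str]:
    """Server side: return the IP to open the firewall for, or None if invalid.
    source_ip (where the knock packets came from) is deliberately ignored,
    exactly as the post describes: only the IP inside the sequence counts."""
    if len(ports) != 12 or any(not BASE_PORT <= p < BASE_PORT + 256 for p in ports):
        return None
    payload = bytes(p - BASE_PORT for p in ports)
    nonce, ct, tag = payload[:4], payload[4:8], payload[8:]
    if not hmac.compare_digest(tag, _tag(nonce, ct)):
        return None  # tampered sequence or wrong key
    ip_bytes = bytes(a ^ b for a, b in zip(ct, _keystream(nonce)))
    return str(ipaddress.IPv4Address(ip_bytes))

if __name__ == "__main__":
    seq = encode_knock("203.0.113.7")  # constructed: knock sent from the meeting site
    # Replayed from a different address, it still only authorizes 203.0.113.7
    print(decode_knock(seq, source_ip="198.51.100.9"))
```

Replaying the captured sequence re-authorizes the same encoded IP; a daemon that also wants to reject replays would need to track used nonces or embed a timestamp, which the post does not cover.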

