July 18th, 2005, 02:42 AM
August 12th, 2005, 03:49 PM
just in case you didnt find anything yet, here are 2 sources for a port knocking daemon : fk
http://www.cipherdyne.org/fwknop/ -> pretty good analysis of packet : port knocking + os fingerprinting.
http://directory.fsf.org/security/auth/pasmal.html -> port knocking + encryption and various features
the main problem with thoses softwares is that on a very active server, checking up raw sockets, sniffing around eth is slowing down things.... so before the port knocking server mostly there are load checker (to see if the box is not dosing itself mainly...), or other kind of authentifications. It can be a plus to enhance your security (by hiding your daemons) - The main stuff against this is replay attacks (sniffing the port knocking sequence, replaying it...) - but with encryption or os fingerprinting, it makes things very hard to replay - and again the second and real problem is that on a production highly hitted/loaded server, the port knocking daemons kind of slow down things...