[SLUG] Re: Doorman - opening firewall ports

From: Levi Bard (taktaktaktaktaktaktaktaktaktak@gmail.com)
Date: Wed Jan 04 2006 - 09:55:04 EST


> If your previous employer ran an authenticator on a high port, doesn't
> that mean that the port was open for the world to see? If so, that open port
> would indicate that there was in fact a host at the given IP address.

Yes.

> If I understand port knocking correctly, the neat thing about it is that the
> server is completely invisible (no open ports at all) unless the correct
> "knock" is sent. It's a neat idea and one that I wasn't familiar with until
> it came up on this list. I agree that other safeguards should certainly be
> in place, but doorman seems like it would be quite useful.

Actually, it would depend on how you set it up. Most of the proposed
implementations I've seen reject the packets on closed ports instead
of dropping them (by default), which also indicates that the host is
alive. Also, port knocking doesn't affect things like ICMP, which
would also indicate a host's status unless dropped with iptables or
similar.

Finally, having a machine appear "invisible" only protects against
casual scans, which wouldn't hit a high port anyway.

--
Debianista!
http://www.gnu.org/philosophy/no-word-attachments.html
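
A firewall-side version of what Levi describes, added here as an example that is not part of the original post and not Doorman's own code: a POSIX sh script that emits an iptables-restore ruleset in which every unsolicited packet, the knock packets included, is DROPped rather than REJECTed, and ICMP echo-request is dropped as well, so neither the knock ports, the protected port nor ping give away that the host is there. The chain names (KNOCKING, GATEn, PASSED), the recent-list names (AUTHn), the 10 s and 30 s windows, the service port 22 and the knock ports 1111 2222 3333 in the usage line are assumptions chosen for the example, not anything Doorman or the list thread specifies.

```shell
#!/bin/sh
# Generates an iptables-restore(8) ruleset for a port-knocking gate that
# DROPs (never REJECTs) everything, including ICMP echo-request, so that
# neither the knock ports nor the protected service answer a scan.
#
# Assumed layout (not Doorman's; chain names, list names and the
# 10 s / 30 s timers are choices made for this example):
#   INPUT     -> KNOCKING
#   KNOCKING  -> PASSED if the last knock is fresh, else the next GATE
#   GATEk     -> records knock k (recent list AUTHk), resets on a wrong port
#   PASSED    -> admits one connection to the service port, then forgets you
#
# usage: knock_ruleset SERVICE_PORT KNOCK1 [KNOCK2 ...]
# Consecutive knock ports must differ: a repeat of the previous port is
# treated as a SYN retransmit and ignored rather than counted.

rule() { printf '%s\n' "$*"; }

knock_ruleset() {
    svc=$1; shift
    n=$#
    [ "$n" -ge 1 ] || { echo "knock_ruleset: need at least one knock port" >&2; return 1; }

    rule '*filter'
    rule ':INPUT DROP [0:0]'     # default: silent drop, no RST, no ICMP unreachable
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'
    rule ':KNOCKING - [0:0]'
    i=1
    while [ "$i" -le "$n" ]; do rule ":GATE$i - [0:0]"; i=$((i+1)); done
    rule ':PASSED - [0:0]'

    rule '-A INPUT -i lo -j ACCEPT'
    rule '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Explicit even though the policy is DROP: ping must not reveal the host.
    rule '-A INPUT -p icmp --icmp-type echo-request -j DROP'
    rule '-A INPUT -j KNOCKING'

    # Dispatch on how far this source address has got, latest stage first.
    rule "-A KNOCKING -m recent --rcheck --seconds 30 --name AUTH$n -j PASSED"
    i=$((n-1))
    while [ "$i" -ge 1 ]; do
        rule "-A KNOCKING -m recent --rcheck --seconds 10 --name AUTH$i -j GATE$((i+1))"
        i=$((i-1))
    done
    rule '-A KNOCKING -j GATE1'

    # GATEk: a retransmit of knock k-1 is ignored; any other port resets the
    # sequence; the correct port advances it. The knock packet itself is
    # DROPped, so the knocker only ever sees a timeout, never a RST.
    i=1; prev=''
    for port in "$@"; do
        if [ -n "$prev" ]; then
            rule "-A GATE$i -p tcp --dport $prev -j DROP"
            rule "-A GATE$i -m recent --name AUTH$((i-1)) --remove"
        fi
        rule "-A GATE$i -p tcp --dport $port -m recent --name AUTH$i --set -j DROP"
        rule "-A GATE$i -j DROP"
        prev=$port; i=$((i+1))
    done

    # PASSED: the first non-retransmit packet consumes the knock. Only a SYN
    # to the service port is admitted; the rest of that session is matched
    # by the ESTABLISHED rule in INPUT.
    rule "-A PASSED -p tcp --dport $prev -j DROP"
    rule "-A PASSED -m recent --name AUTH$n --remove"
    rule "-A PASSED -p tcp --dport $svc -j ACCEPT"
    rule '-A PASSED -j DROP'
    rule 'COMMIT'
}

# e.g.  sh knock.sh 22 1111 2222 3333 | sudo iptables-restore
if [ "$#" -gt 0 ]; then
    knock_ruleset "$@"
fi
```

Load it with `sh knock.sh 22 1111 2222 3333 | sudo iptables-restore` (that replaces the whole filter table, so keep a console session open), knock with something like `for p in 1111 2222 3333; do nc -z -w 1 server $p; done`, then ssh in. The check that matters for this thread: from another machine, `nmap -Pn -p 22,1111 server` should report both ports as filtered, not closed, and `ping server` should get nothing back. If nmap says closed, something on the box is still answering with a RST or an ICMP unreachable, and the host has announced itself exactly as Levi warns.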

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:00:49 EDT