 From:  Adam Nellemann <adam at nellemann dot nu>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Port Knocking?
 Date:  Sat, 07 Feb 2004 06:14:51 +0100
Nice idea, I like it!

It probably should be elaborated on a bit (as suggested in some of the 
articles) to prevent easy detection of a "knock" taking place (a nice 
alternative, which could also be elaborated on and/or combined with the 
usual "knock": http://doorman.sourceforge.net)

I guess a "test" implementation could be done with no changes to 
m0n0wall, simply by making a small daemon running on a machine receiving 
syslog messages from m0n0wall and using http to make the changes to the 
rules (assuming this can't be done more easily in other ways, such as 
SNMP or..?)

Of course a usable implementation should either reside completely on 
m0n0wall, or depend on a better way to monitor the filter log and change 
the firewall rules from a local machine running the "knocker daemon".


Don Gray wrote:

> Anyone read these articles?  Any ideas how to implement with m0n0wall/IPFilter? It's an
> interesting concept.
> http://slashdot.org/article.pl?sid=04/02/05/1834228&mode=thread&tid=126&tid=172
> http://www.linuxjournal.com/article.php?sid=6811&mode=thread&order=0
> http://www.portknocking.org/
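The "test implementation" sketched above (a daemon on a separate box that watches syslog lines from m0n0wall and opens a rule once the right knocks have been seen) is easy to prototype as a knock-sequence detector. The following is an added example, not code from this thread, from m0n0wall, or from the linked projects. It assumes an ipmon-style log line layout ("time iface @group:rule action src,sport -> dst,dport PR proto ..."), a constructed three-port sequence, and a per-source time window; the sample log lines are constructed for the example. The step that actually changes the firewall rules (via the web GUI, or whatever else turns out to be practical) is deliberately left to the `on_open` callback, since the thread does not settle how that should be done.

```python
import re
from typing import Callable, Dict, List, Optional, Sequence

# ipmon-style filter log line as forwarded by syslog.  The field layout is an
# assumption for this example; check it against your own m0n0wall filter log.
# Only blocked ("b") TCP packets count as knocks: the knock ports are closed.
LOG_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\S+\s+@\d+:\d+\s+(?P<action>[bp])\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)"
    r"\s+PR\s+(?P<proto>\w+)"
)


def _secs(hhmmss: str) -> int:
    """Seconds since midnight from the ipmon timestamp (rollover ignored here)."""
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


class KnockDaemon:
    """Tracks, per source address, how far along the knock sequence it is."""

    def __init__(self, sequence: Sequence[int], window: float = 10.0,
                 on_open: Optional[Callable[[str], None]] = None):
        self.sequence = list(sequence)
        self.window = window          # max seconds between consecutive knocks
        self.on_open = on_open        # hook that would change the m0n0wall rules
        self.progress: Dict[str, int] = {}    # src -> number of knocks matched
        self.last_seen: Dict[str, int] = {}   # src -> time of last knock
        self.opened: List[str] = []           # sources that completed the sequence

    def handle_line(self, line: str) -> Optional[str]:
        """Feed one syslog line; returns the source if it just completed the sequence."""
        m = LOG_RE.search(line)
        if not m or m.group("action") != "b" or m.group("proto") != "tcp":
            return None
        src, port, t = m.group("src"), int(m.group("dport")), _secs(m.group("time"))

        idx = self.progress.get(src, 0)
        # A stale partial sequence is discarded: knocks must arrive within the window.
        if idx and t - self.last_seen[src] > self.window:
            idx = 0
        if port == self.sequence[idx]:
            idx += 1
        elif port == self.sequence[0]:
            idx = 1                   # wrong port, but it restarts a fresh sequence
        else:
            idx = 0                   # any other port resets the source's progress
        self.last_seen[src] = t

        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.last_seen.pop(src, None)
            self.opened.append(src)
            if self.on_open:
                self.on_open(src)
            return src
        self.progress[src] = idx
        return None


def run_knock_detector(log_text: str, sequence: Sequence[int] = (7000, 8000, 9000),
                       window: float = 10.0) -> List[str]:
    """Run the detector over a block of syslog lines; returns sources that knocked correctly."""
    daemon = KnockDaemon(sequence, window)
    for line in log_text.splitlines():
        daemon.handle_line(line)
    return daemon.opened


# Constructed sample log: one correct sequence, one out-of-order attempt, and one
# that is correct but too slow for the default 10-second window.
SAMPLE_LOG = """\
Feb  7 06:14:51 m0n0wall ipmon[88]: 06:14:51.100001 sis0 @0:15 b 203.0.113.7,40001 -> 192.0.2.1,7000 PR tcp len 20 60 -S IN
Feb  7 06:14:52 m0n0wall ipmon[88]: 06:14:52.100002 sis0 @0:15 b 203.0.113.7,40002 -> 192.0.2.1,8000 PR tcp len 20 60 -S IN
Feb  7 06:14:53 m0n0wall ipmon[88]: 06:14:53.100003 sis0 @0:15 b 203.0.113.7,40003 -> 192.0.2.1,9000 PR tcp len 20 60 -S IN
Feb  7 06:14:54 m0n0wall ipmon[88]: 06:14:54.100004 sis0 @0:15 b 198.51.100.9,40004 -> 192.0.2.1,7000 PR tcp len 20 60 -S IN
Feb  7 06:14:55 m0n0wall ipmon[88]: 06:14:55.100005 sis0 @0:15 b 198.51.100.9,40005 -> 192.0.2.1,9000 PR tcp len 20 60 -S IN
Feb  7 06:14:56 m0n0wall ipmon[88]: 06:14:56.100006 sis0 @0:15 b 198.51.100.9,40006 -> 192.0.2.1,8000 PR tcp len 20 60 -S IN
Feb  7 06:15:10 m0n0wall ipmon[88]: 06:15:10.100007 sis0 @0:15 b 198.51.100.9,40007 -> 192.0.2.1,9000 PR tcp len 20 60 -S IN
Feb  7 06:20:00 m0n0wall ipmon[88]: 06:20:00.100008 sis0 @0:15 b 192.0.2.50,40008 -> 192.0.2.1,7000 PR tcp len 20 60 -S IN
Feb  7 06:20:30 m0n0wall ipmon[88]: 06:20:30.100009 sis0 @0:15 b 192.0.2.50,40009 -> 192.0.2.1,8000 PR tcp len 20 60 -S IN
Feb  7 06:20:31 m0n0wall ipmon[88]: 06:20:31.100010 sis0 @0:15 b 192.0.2.50,40010 -> 192.0.2.1,9000 PR tcp len 20 60 -S IN
"""

if __name__ == "__main__":
    print(run_knock_detector(SAMPLE_LOG))
```

With the default settings only 203.0.113.7 completes the sequence; widening the window to 60 seconds also admits the slow knocker at 192.0.2.50, which is the trade-off between tolerance for latency and exposure to someone replaying a captured sequence. Note that a plain ordered port sequence like this is exactly the "easy to detect" variant discussed above; it is the piece to replace with something harder to observe, not a finished design.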