Don Gray wrote:
[ about port knocking ]

Frankly, the idea doesn't win any sympathy from me (grumpy old fart) whatsoever. The port knocking sequence is trivially sniffed from the wire, so it suffers from the same types of problems that unencrypted passwords have. And if you want to eliminate problems with buffer overflows and similar vulnerabilities in code that listens to the network, well, don't listen to the network then! Both the low level networking code in the kernel and the networked application code need to be safe against such lines of attack; there is no principal difference there. I really fail to see the point.

--B