 From:  Bart Smit <bit at pipe dot nl>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Port Knocking?
 Date:  Sat, 07 Feb 2004 10:25:03 +0100
Don Gray wrote:

[ about port knocking ]

Frankly, the idea doesn't win any sympathy from me (grumpy old fart)
whatsoever. The port knocking sequence is trivially sniffed from the
wire, so it suffers from the same types of problems that unencrypted
passwords have. And if you want to eliminate problems with buffer
overflows and similar vulnerabilities in code that listens to the
network, well, don't listen to the network then! Both the low-level
networking code in the kernel and the networked application code need to
be safe against such lines of attack; there is no principal difference
there. I really fail to see the point.

--B