Linux.com

Re:Riiiiiight....

Posted by: Serge Wroclawski on August 10, 2004 06:58 PM
You mean *besides* the one he already presented?

Another solution to what people would use port knocking for would be a VPN.

Your first barrier to authentication would be VPN access to a special subnet, then SSH would be allowed from that subnet.

Port knocking is a bad idea. It's simple, replayable, and worst of all, it makes the system more vulnerable to DOSes.
