Posted by: Anonymous Coward
on September 20, 2004 06:38 AM
Why not just have the server and client share a secret? They both could generate the secret off some shared password. After each successful login, the port sequence used in port knocking is then changed randomly with the initial hash of the password.
The client would then use the new sequence on the next login attempt, and the server would only accept connections using this sequence. Sniffing the traffic would be useless unless you try to do some brute force attack on the password and try comparing results with the traffic (so then change your password each month).
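
The rolling sequence described in the comment above, as an added example that is not part of the original post. It assumes PBKDF2 to turn the shared password into a key and HMAC-SHA256 over a login counter to produce each sequence; the function names, port range, sequence length, salt and password are hypothetical choices made for illustration.

```python
import hashlib
import hmac
import struct

PORT_MIN, PORT_MAX = 1024, 65535   # assumed knock port range
KNOCKS = 4                         # assumed number of knocks per sequence


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the shared password once; client and server keep this key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def knock_sequence(key: bytes, counter: int) -> list[int]:
    """Ports for login number `counter`, taken from HMAC-SHA256(key, counter)."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    # Four digest bytes per knock, reduced into the allowed port range.
    return [PORT_MIN + int.from_bytes(digest[4 * i:4 * i + 4], "big") % span
            for i in range(KNOCKS)]


def _encode(ports: list[int]) -> bytes:
    return ",".join(str(p) for p in ports).encode()


class KnockServer:
    """Accepts only the current sequence, then rolls forward to the next."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def check(self, observed: list[int]) -> bool:
        expected = knock_sequence(self.key, self.counter)
        ok = hmac.compare_digest(_encode(expected), _encode(observed))
        if ok:
            self.counter += 1      # sequence changes after each successful login
        return ok


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    key = derive_key("correct horse battery staple", b"example-salt")
    server = KnockServer(key)
    first = knock_sequence(key, 0)
    print("login 0 knocks:", first, "accepted:", server.check(first))
    print("sniffed replay accepted:", server.check(first))
    print("login 1 knocks accepted:", server.check(knock_sequence(key, 1)))
```

The client advances its own counter only after a login succeeds, so both sides stay in step. A captured sequence is rejected on replay because the server has already moved on to the next counter value.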