
Fighting Traffic Sniffers

Posted by: Anonymous Coward on September 20, 2004 06:38 AM
Why not just have the server and client share a secret? They both could generate the secret off some shared password. After each successful login, the port sequence used in port knocking is then changed randomly with the initial hash of the password.

The client would then use the new sequence on the next login attempt, and the server would only accept connections using this sequence. Sniffing the traffic would be useless unless you try to do some brute force attack on the password and try comparing results with the traffic (so then change your password each month).
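
The scheme in the comment above, sketched as an added example that is not part of the original post. The hash-chain construction, the sequence length, the port range, the salt and the password are all assumptions chosen for illustration; the comment only specifies a shared password, an initial hash, and a sequence that changes after each successful login.

```python
import hashlib
import hmac

KNOCKS = 4                         # assumed number of knocks per login
PORT_MIN, PORT_MAX = 1024, 65535   # assumed knock port range


class KnockState:
    """One side's view of the rolling knock sequence (client or server)."""

    def __init__(self, password: str, salt: bytes = b"constructed-salt"):
        # "Initial hash of the password": a slow KDF raises the cost of the
        # offline password guessing the comment mentions.
        self.state = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def sequence(self) -> list:
        """Ports expected for the next login, derived from the current state."""
        span = PORT_MAX - PORT_MIN + 1
        ports = []
        for i in range(KNOCKS):
            digest = hmac.new(self.state, b"port" + bytes([i]), hashlib.sha256).digest()
            ports.append(PORT_MIN + int.from_bytes(digest[:4], "big") % span)
        return ports

    def advance(self) -> None:
        """Roll the state forward after a successful login (one-way step)."""
        self.state = hmac.new(self.state, b"next", hashlib.sha256).digest()


def server_accepts(server: KnockState, knocks: list) -> bool:
    """Check observed knocks; advance only on success so both sides stay in step."""
    ok = knocks == server.sequence()
    if ok:
        server.advance()
    return ok


def demo() -> tuple:
    # Constructed password, shared by both sides out of band.
    client, server = KnockState("constructed password"), KnockState("constructed password")
    recorded = client.sequence()                  # what a traffic sniffer would capture
    first = server_accepts(server, recorded)      # legitimate login
    client.advance()                              # client rolls after its login succeeds
    replay = server_accepts(server, recorded)     # captured knocks sent again
    second = server_accepts(server, client.sequence())
    return first, replay, second
```

If the server advances but the client never learns that the login succeeded, the two sides fall out of step, so a deployment of this idea also needs a resynchronization rule.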


Return to A critique of port knocking