This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!

Fwknop and single packet authorization

Posted by: Anonymous [ip:] on May 20, 2008 10:37 PM
As someone who has used FWKnop, it is not only a "forward password system". You can use it to run a remote command (like sending the correct SPA packet triggers a reboot) or you can even send commands to be run in the server, embedded on the packet.

The packet is not replayable cause FWKnop rejects more than one packet per unit of time (60s if I remember the default) and it does not allow for a packet to be accepted with more than x seconds of difference in time, which literally blocks any replay attemp.

It can use PGP public/private keys so it can verify both client and server, which is even nicer.

I really don't know why fwknop is not more known, it's a fantastic tool. (and no, it's not security through obscurity, it's more like the onion metaphor).


Return to Fwknop and single packet authorization