[Sharpknocking-devel] PortKnocking match extension for iptables
SharpKnocking project development list.
sharpknocking-devel at ilikecoffee.net
Thu Jan 17 13:25:09 GMT 2008
Hello all
There is a new implementation of portknocking over the table[1], but this is
special as it is implemented directly as an iptables match extension and uses
SPA[2].
I think we can add support for such an extension into our IptablesSharp library
so in a not so distant future we can manage it, as we will manage all the
rules and extensions for iptables, and continue to develop our own knocking
system. That is not SPA.
I also think that we should not only be implementing one option. We should
be planning to allow more than one implementation that would be chosen with
the manager (doorman) when things are configured. This way any new
implementation of portknocking in the world can be integrated into ours to
add new value and flexibility (depending on the details we can wrap the
libraries, the command-line apps, ...)
This can suppose a great amount of work over the doorman but it feels a
natural way of proceeding.
Thoughts?
Regards
[1] http://portknocko.berlios.de/
[2] Single Port Authentication is one of the options when sending knockings
to a server. The theory is that a single packet is more difficult to capture
and detect the knocking system and if it is cryptographically signed and
encrypted it is more secure.