Date: Mon, 3 Sep 2001 14:14:34 -0400 (EDT)
From: Chris BeHanna
Subject: RE: Possible New Security Tool For FreeBSD, Need Your Help.
Message-ID: <20010903141244.U10812-100000@topperwein.dyndns.org>
Sender: owner-freebsd-security@FreeBSD.ORG

On Mon, 3 Sep 2001, Not Going to Tell You wrote:

> This is not obfuscation! This is activation and de-activation. Obfuscation
> implies that the port is open but you are hiding this fact.

It *is* obfuscation: unless your "sequence of packets" is
cryptographically strong, it can be easily sniffed and replayed,
effectively nulling your "extra layer of security". Note that to make
it cryptographically strong, you'd effectively end up doing what sshd
does anyway: public key encryption.

-- 
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
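
To illustrate the replay point in the message above, here is an added example (not part of the original post): a fixed knock sequence accepts a replayed capture, while a knock carrying a timestamp, a nonce and an HMAC does not. The shared-key HMAC is a stand-in for the public-key approach the message names; every port, key, address and function name is constructed for illustration.

```python
import hashlib
import hmac
import struct

STATIC_SEQUENCE = (7000, 8000, 9000)   # constructed port sequence
SHARED_KEY = b"constructed-demo-key"   # constructed secret, demo only
MAX_SKEW = 30                          # seconds a knock stays valid


def static_knock_ok(ports):
    """Fixed sequence: anything an eavesdropper captured stays valid forever."""
    return tuple(ports) == STATIC_SEQUENCE


def make_knock(key, src_ip, now, nonce):
    """Client side: 8-byte timestamp + 16-byte nonce, bound to src_ip by an HMAC."""
    body = struct.pack("!Q", now) + nonce
    tag = hmac.new(key, src_ip.encode() + body, hashlib.sha256).digest()
    return body + tag


class KnockVerifier:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def verify(self, packet, src_ip, now):
        if len(packet) != 8 + 16 + 32:
            return False
        body, tag = packet[:24], packet[24:]
        expected = hmac.new(self.key, src_ip.encode() + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                      # forged, or sent from another address
        (ts,) = struct.unpack("!Q", body[:8])
        if abs(now - ts) > MAX_SKEW:
            return False                      # stale capture
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        nonce = body[8:]
        if nonce in self.seen:
            return False                      # replay inside the validity window
        self.seen[nonce] = ts
        return True
```
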