From: Jason DiCioccio
To: Not Going to Tell You
Cc: security@FreeBSD.org, freebsd-stable@FreeBSD.ORG
Date: Fri, 31 Aug 2001 12:43:48 -0700
Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
Message-ID: <20010831124348.B2253@bluenugget.net>

Actually you could even have it so it would only accept() for about 10 seconds.
It doesn't have to be accepting connections when you're SSH'd in. The problem
with this of course is it's another key that can be sniffed. I don't see how
it would hurt though as long as you're using secure protocols/services as well.
Basically, just don't put all of your trust into that one key :)

Cheers,
-JD-

On Fri, Aug 31, 2001 at 07:33:51PM +0000, Not Going to Tell You wrote:
> Sorry for the blank e-mail.
>
> I have an idea, maybe you either know if it has already been done or you can
> help me write this software:
>
> What if I would scan 5 ports in a defined order, within a defined period of
> time on my remote box. A program on the box would recognize these 5 port
> scans as a "Key" from a remote user to open a port or to activate another
> software.
>
> Why would this be good?
> I could close all the ports on my box except those needed to provide a
> service (i.e. port 80), however, how can I remotely manage it? So then I would
> have to open a sshd port also. But this leads to a potential security
> problem when scanned by a hacker. So, what if I had a program that sent a
> type of "Key" to the box and the box recognized that the key sequence order
> was from me, then opened the sshd port. After I was finished with the sshd
> session, I would run another program to close the port behind me?
>
> Any thoughts and help is welcomed.
>
> Lucky

--
Jason DiCioccio - geniusj@bsd.st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc
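
The scheme discussed in this thread, as an added example that is not part of either message: a per-source matcher for "5 ports in a defined order within a defined period", run over constructed connection events. The port numbers, addresses, the 10-second window and all function names are assumptions made for the illustration.

```python
# Added illustration of the "port sequence as a key" idea; not code from the thread.
# Ports, addresses and timings are constructed sample values.
KNOCK_SEQUENCE = (7001, 8002, 9003, 7004, 8005)  # hypothetical 5-port key
WINDOW_SECONDS = 10.0                            # whole key must arrive within this


class KnockTracker:
    """Tracks, per source address, how far into the key sequence it has got."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence, self.window = tuple(sequence), window
        self.progress = {}  # src -> (index of next expected port, time of first knock)

    def observe(self, ts, src, dport):
        """Feed one connection attempt; True when src has just completed the key."""
        idx, start = self.progress.pop(src, (0, ts))
        if ts - start > self.window:
            idx, start = 0, ts                 # too slow: discard partial progress
        if dport == self.sequence[idx]:
            idx += 1
        elif dport == self.sequence[0]:
            idx, start = 1, ts                 # wrong port, but it restarts the key
        else:
            idx = 0                            # wrong port: start over
        if idx == len(self.sequence):
            return True                        # caller would open sshd for src here
        if idx:
            self.progress[src] = (idx, start)
        return False


def authorised_sources(events):
    """Return (timestamp, source) for every event that completes the key."""
    tracker = KnockTracker()
    return [(ts, src) for ts, src, dport in events if tracker.observe(ts, src, dport)]


def knocks(src, t0, step, ports):
    return [(t0 + i * step, src, p) for i, p in enumerate(ports)]


# Constructed events: (seconds, source address, destination port).
SAMPLE_EVENTS = (
    knocks("192.0.2.10", 0.0, 1.0, KNOCK_SEQUENCE)               # owner, correct key
    + knocks("198.51.100.7", 50.0, 0.1, sorted(KNOCK_SEQUENCE))  # ordinary port sweep
    + knocks("203.0.113.5", 100.0, 5.0, KNOCK_SEQUENCE)          # right order, too slow
    + knocks("203.0.113.99", 200.0, 1.0, KNOCK_SEQUENCE)         # same key, other host
)

if __name__ == "__main__":
    for ts, src in authorised_sources(SAMPLE_EVENTS):
        print(f"{ts:6.1f}s  key accepted from {src}")
```

The sweep and the slow sender are rejected, but the last source is accepted because a fixed sequence is a static secret: anyone who observed it on the wire can present it again, which is why the reply says not to put all trust in that one key and to keep sshd's own authentication behind it.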