Date: Tue, 23 Jun 2009 16:11:04 -0400
From: Daniel Underwood <djuatdelta@gmail.com>
To: Erik Norgaard <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Best practices for securing SSH server
Message-ID: <b6c05a470906231311q48a56fddk77b456dc29695ed3@mail.gmail.com>
In-Reply-To: <4A4109DE.3050000@locolomo.org>
References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com> <4A406D81.3010803@locolomo.org> <b6c05a470906230653i6ce647c1p415e769b63d9e169@mail.gmail.com> <4A4109DE.3050000@locolomo.org>

> A port-knocking sequence is really nothing different than a shared password.

Technically and conceptually, that's true. But "practically", I'm not sure you're right. If in addition to attempting to enumerate the space of possible passwords, an attacker also enumerates the space of possible port-knocking sequences, then, yes, you're right. But I am willing to bet that the vast majority of attackers DO NOT attempt this. For this reason, I think well-designed port-knocking DOES add significant strength to the server. If I'm misunderstanding port-knocking, please jump in and correct me...