Port knocking script/server for fedora?

Bruno Wolff III bruno at wolff.to
Wed Nov 19 03:25:47 UTC 2014

On Wed, Nov 19, 2014 at 01:36:46 +0000,
  Bill Oliver <vendor at billoblog.com> wrote:
>I've been reading a bit about port knocking as a security tool.  It makes pretty good sense for a private box, at least for stuff like ssh and ftp.   Does anybody know of a good tutorial/example/script for fedora for this?

If your threat is password guessing, you can use two factor. 
It is easy to require both a password and a public key to connect, with 
the public key authentication required before any guessing of the password 
can be done.

If your threat is preauthentication attacks versus the service itself, using 
a firewall is probably simpler. But you need to be able to restrict the 
allowed IPs to some small fraction of the internet. And there may be blind 
spoofing attacks that can get through the firewall. Port knocking can 
provide some additional coverage, but this adds risk of the port knocking 
service having bugs, extra work setting things up, and it isn't going to 
stop some potential attackers.

More information about the users mailing list