Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: knock - a port-knocking implementation. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

knock - a port-knocking implementation
by k at 10:17 am EDT, Apr 15, 2004

knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open -- since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.

[ This got memed a while back... I thought it sounded neat, but got my ass handed to me by the actual security nerds on the site, to whom weak security is a worse sin than no security. I shrug. It's a cool idea, if only as a curiosity. -k]


 
RE: knock - a port-knocking implementation
by Thrynn at 12:01 pm EDT, Apr 15, 2004

inignoct wrote:
] [ This got memed a while back... I thought it sounded neat,
] but got my ass handed to me by the actual security nerds on
] the site, to whom weak security is a worse sin than no
] security. I shrug. It's a cool idea, if only as a curiosity.
] -k]

I'm going to pencil you in my book of people who were before their time.


knock - a port-knocking implementation
by Rattle at 2:15 am EDT, Apr 15, 2004

knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open -- since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.


There is a redundant post from Thrynn not displayed in this view.
 
 
Powered By Industrial Memetics