Single packet authorization with fwknop

• Autores: Michael Rash
• Localización: ;login:: the magazine of USENIX & SAGE, ISSN 1044-6397, Vol. 31, Nº. 1 (FEB), 2006, págs. 63-69
• Idioma: inglés
• Texto completo no disponible (Saber más ...)
• Resumen

  • One year ago, in the December 2004 issue of ;login:, in the aticle entitled "Combining Port Knocking and Passive OS Fingerprinting with Fwknop", I described a technique for combining passive of OS fingerprinting with a method of authorization called Port knocking . Since that time I have implemented a new method of securing IP-based communications called Simgle Packet Authorization (SPAM) [1], wich draws on some on the strengths of port knocking and fixes some of this weaknesses. Feknop retains the ability to generate encrypted port knock sequences and incorporate additional criteria on the OS required to honor that sequences, but the default authorization method have been switched to SPA due to the benefits this strategy has over traditional port knocking.

    This article discusses Single Packet Autorization as implement by fwknop, suggest why you would want to use it, and provides an example of using fwknop to provide an additional layer of security for OpenSSH. Fwknop is free software released under the GNU Public License (GPL) and can be downloaded from htt://www.cipherdyne.org/projects/fwknop/.