From: Mike M. <ch...@mi...> - 2012-04-28 01:22:17
Diff to Knock.pm from http://www.shorewall.net/ManualChains.html
http://pastebin.com/V3hu201C

Changes:
* Support for more than one port.
* Clear state if knock out of order.
  - if too early.
  - if too late.
  - this will break you if using the same port more than once.
* Fixed issue with logging, where DROP would log even when nothing dropped.
* WARNING, rejects a correct knock. This is a security (*) risk, but so is knock, and it's essential with the above out of order tests. More robust, YMMV.

(*) My thinking is, who is going to probe around after finding one port that rejects? If you have 3 or even 5 other ports it becomes impossible to do anything with this. However one should note that this will lead to an easy crack if you just have one port.

A web page that will keep your Knock going so the port is always open, HTML 5 local storage enabled.
http://pastebin.com/bzDgL5BN
* This page depends on rejecting a correct knock, browsers don't time-out easily.
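The state machine described in the post, as an added illustration that is not the Knock.pm diff or any Shorewall code: each source must hit the knock ports in order, a knock that is too early or too late clears that source's state, knock ports answer REJECT even when the knock is correct (so a browser-based knocker fails fast instead of hanging), and the protected port accepts only after the full sequence. The class name, the port numbers and the addresses are constructed for the example. The model treats the out-of-order check the way per-port firewall rules behave: a knock port that also appears at another position in the sequence always matches some "other" step and therefore resets the state, which reproduces the "same port more than once" breakage the post warns about; how the actual Knock.pm rules interact is not on the page, so that reading is an assumption.

```python
"""Model of a sequence-checked port knock with out-of-order reset.

Constructed illustration, not the Knock.pm code referenced in the post.
Timeouts and per-source expiry are left out to keep the state machine
readable; a real implementation would expire both the progress and the
opened state after a short interval.
"""
from dataclasses import dataclass, field

REJECT = "REJECT"   # knock ports answer REJECT, correct knock or not
ACCEPT = "ACCEPT"   # protected port, after a complete sequence
DROP = "DROP"       # protected port (or non-knock port) otherwise


@dataclass
class KnockTracker:
    sequence: list                                  # knock ports, in required order
    protected_port: int                             # the port the knock unlocks
    progress: dict = field(default_factory=dict)    # src -> index of next expected knock
    opened: set = field(default_factory=set)        # sources that completed the sequence

    def _positions(self, port):
        """All positions at which `port` occurs in the knock sequence."""
        return [i for i, p in enumerate(self.sequence) if p == port]

    def packet(self, src, dport):
        """Return the verdict for one packet from `src` to `dport`."""
        if dport == self.protected_port:
            return ACCEPT if src in self.opened else DROP

        positions = self._positions(dport)
        if not positions:
            return DROP  # not a knock port; ordinary policy applies

        expected = self.progress.get(src, 0)
        # Too early or too late: the port belongs to a step other than the
        # expected one. Because this is checked per port, a port that is
        # used at two positions always matches some other step and resets
        # the state, so such a sequence can never complete (assumed model).
        if any(i != expected for i in positions):
            self.progress.pop(src, None)
            self.opened.discard(src)
            return REJECT

        # Correct knock: advance, but still REJECT so the client fails fast.
        expected += 1
        if expected == len(self.sequence):
            self.progress.pop(src, None)
            self.opened.add(src)
        else:
            self.progress[src] = expected
        return REJECT


def demo():
    """Run the scenarios from the post and return the verdicts by name."""
    results = {}

    # Correct sequence: protected port closed before, open after; every
    # knock itself is answered with REJECT.
    t = KnockTracker(sequence=[1111, 2222, 3333], protected_port=22)
    results["before"] = t.packet("10.0.0.5", 22)
    results["knocks"] = [t.packet("10.0.0.5", p) for p in (1111, 2222, 3333)]
    results["after"] = t.packet("10.0.0.5", 22)

    # Out of order: a too-early knock resets, so the sequence never completes.
    t2 = KnockTracker(sequence=[1111, 2222, 3333], protected_port=22)
    for p in (1111, 3333, 2222, 3333):
        t2.packet("10.0.0.6", p)
    results["out_of_order"] = t2.packet("10.0.0.6", 22)

    # Same port twice in the sequence: every knock on it looks out of order.
    t3 = KnockTracker(sequence=[1111, 2222, 1111], protected_port=22)
    for p in (1111, 2222, 1111):
        t3.packet("10.0.0.7", p)
    results["reused_port"] = t3.packet("10.0.0.7", 22)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The REJECT-on-correct-knock behaviour is what lets a browser-driven knocker work: a connection attempt that is refused returns immediately, whereas a silently dropped one waits for the browser's own connect timeout. The trade-off the post flags is visible in the model too: because the knock ports answer differently from ports that are simply dropped, they are distinguishable, which matters most when the sequence is short.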