port knocking?

Hi Misc,



I was wondering what the general census on port knocking in
the OpenBSD
community is. I like the idea of hiding services but I don't
like the
idea of relying on a piece of code that's not part of the
OpenBSD core.
I know when it comes down to it, it's only hiding ports and
not actually
securing anything.



I am assuming that it's not practiced in the OpenBSD world
because there
are no port knocking ports.



Anyone not agree with that summation?



Thanks,



John



:::::: John Brahy

:::::: CTO/CIO
:::::: ad2, Inc.
:::::: http://www.ad2.com
<http://www.ad2.com/>
::::::
:::::: 1990 E Grand Avenue
:::::: Suite 200
:::::: El Segundo CA 90245
::::::
:::::: t: 310-356-7500 main line
:::::: f: 310-356-7520

2007/6/25, John N. Brahy <jbrahyad2.com>:
> I was wondering what the general census on port
knocking in the OpenBSD
> community is. I like the idea of hiding services but I
don't

List archives exist.

Best
   Martin

On Mon, Jun 25, 2007 at 10:48:20AM -0700, John N. Brahy
wrote:
> I know when it comes down to it, it's only hiding ports
and not actually
> securing anything.

There, you've hit the nail on the head.

But it's worse. Go find some people using port knocking -
you probably
know some. Ask them if they can shut if off for a month. I
bet a good
portion will say "No! I have sshd from 2002 on there!
No way!" So while
port knocking doesn't add (much) insecurity itself (apart
from a chance
of having an exploit in the knocker), it certainly *seems*
to have a
high correlation with unsecured systems. Anecdotal, but
there it is.

-- 
Darrin Chandler            |  Phoenix BSD User Group  | 
MetaBUG
dwchandlerstilyagin.com   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation