30 Oct
2004
30 Oct
'04
4:52 p.m.
"Gerald Combs" [email protected] wrote:
There's also "port knocking": http://www.portknocking.org/ . In order for the firewall to open up port 22, you would have to send a special sequence of packets, e.g. attempt to connect to a specific combination of ports in a specific order.
It's an interesting idea, but I think it's in the category of 'security through obscurity'. I think it would be cleaner to just send a UDP packet, containing within it certain authentication information (including a timestamp), digitally signed with a private key, that would give pretty high confidence that you are legit before the TCP socket ever is opened.