by lazyant 4639 days ago
I don't use port knocking but:

"all implementations had the downside of adding yet another piece of clearly experimental software to my system along with somewhat convoluted procedures for setting the thing up" What? You can add port knocking with literally 3 iptables rules; netfilter is a rock-solid, proven piece of software.

"explain to me what problem this is supposed to solve." Visibility: if the target cannot be found, there's no target to attack; security by obscurity is good (as long as security doesn't depend just on it).

I use a bastion host to ssh to my servers with a key and a different port (yes, a different port is good; for a couple of sysadmins, who cares if we broke some standard?)

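An added example, not code from the thread or from any port-knocking project, of the "three iptables rules" idea using netfilter's `recent` match. The knock ports 7000 and 8000, the list names K1/K2, the 10-second window and the `knock_rules` function are assumptions for illustration; the script only prints the rules, so it can be reviewed before being piped into a root shell.

```shell
#!/bin/sh
# Added example (not from the thread): a two-step port knock built from
# netfilter's xt_recent match. A client that hits KNOCK1, then KNOCK2, then
# the service port, all within WINDOW seconds, gets through; everyone else
# sees the service port as closed. Assumes iptables with xt_recent loaded.
WINDOW="${WINDOW:-10}"

# knock_rules FIRST_KNOCK SECOND_KNOCK SERVICE_PORT
# Prints the rules instead of applying them; run the output as root to apply.
knock_rules() {
    knock1="$1"; knock2="$2"; service="$3"
    # Rule 1: first knock records the source address in list K1.
    # The packet is dropped so the knocker gets no visible response.
    echo "iptables -A INPUT -p tcp --dport $knock1 -m recent --name K1 --set -j DROP"
    # Rule 2: second knock counts only if the address was seen in K1 within
    # WINDOW seconds; then it is recorded in K2. Still dropped.
    echo "iptables -A INPUT -p tcp --dport $knock2 -m recent --name K1 --rcheck --seconds $WINDOW -m recent --name K2 --set -j DROP"
    # Rule 3: the service port accepts only addresses present in K2 within
    # WINDOW seconds. Anything else must fall through to a DROP (chain policy
    # or an explicit rule), otherwise the knock protects nothing.
    echo "iptables -A INPUT -p tcp --dport $service -m recent --name K2 --rcheck --seconds $WINDOW -j ACCEPT"
}

# Stand-alone run: print the rule set for ssh on port 22 (constructed defaults).
knock_rules "${KNOCK1:-7000}" "${KNOCK2:-8000}" "${SSH_PORT:-22}"
```

Two things the three rules do not cover on their own: an `ESTABLISHED,RELATED` accept rule must come earlier in the chain so existing sessions survive the knock window expiring, and the chain's default policy (or a trailing rule) must drop the service port, since rule 3 only adds an ACCEPT path. The knock hides the port from scanners; it does not replace key-based authentication on the service behind it.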

> for a couple of sysadmins, who cares if we broke some standard?)

<s> (. I think I'll change the protocol numbers of TCP and UDP to use each other's numbers. Complete protection! No standard TCP/IP stack will be able to connect! Yay! .) </s>

I meant changing the ssh port from 22 to whatever, not breaking the protocols; since it's internal use, who cares (I found people who do). Actually, you only need to follow port standards for public-facing stuff, typically just DNS, mail (pop, imap/s), http(s).