Security Basics mailing list archives
Re: Reflexive firewalls?
From: Gustavo Castro <gcastrop () gmail com>
Date: Tue, 27 Jan 2009 16:14:46 -0200
Guys: Looks a lot like a really primitive "port-knocking" authentication method... http://www.portknocking.org/ 2009/1/27 mgk.mailing <mgk.mailing () googlemail com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi That sound like the user-auth feature on juniper firewalls, you telnet / http to the target and once authenticated it allows you to ssh etc as per rules setup. Its not great but a useful tool, as it opens up the policy to all at the source address of the successfully authenticated user. /Mgk Ong Chin Kiat wrote:Hi list, I've recently used an SSH server that had an interesting authentication mechanism. You first had to telnet to the machine on a certain port. After doing this (it will just time out - no prompt), you then SSH to the server in question. The telnet step has to be carried out, if not SSH will just time out. My question is, is this called reflexive firewalling, and can I duplicate this with iptables? Thanks.-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl/CA4ACgkQPxFiS6Ou+MyiogCeMiVXnG4GyhlAXPkr7kwHu7Wy uB0AmgMJiUTMXZBRB5TF23Ds8rA1UGWo =eKXO -----END PGP SIGNATURE-----
-- Saludos, Gustavo Castro Puig. E-Mail: gcastrop () gmail com LPI Level-1 Certified (https://www.lpi.org/es/verify.html LPID:LPI000042304 Verification Code: hp6re8w5qg ) -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o? K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++ D++ G++ e++ h--- r y+++ ------END GEEK CODE BLOCK------ Registered Linux User #69342
Current thread:
- Re: Reflexive firewalls? mgk.mailing (Jan 27)
- Re: Reflexive firewalls? Gustavo Castro (Jan 27)
- R: Reflexive firewalls? Vega - Brunello Ivan (Jan 28)
- Re: Reflexive firewalls? Brian Ford (Jan 28)
- Re: Reflexive firewalls? Gustavo Castro (Jan 27)