Re: Reflexive firewalls?

[Gustavo Castro <gcastrop () gmail com>]

Guys:

  Looks a lot like a really primitive "port-knocking" authentication method...
  http://www.portknocking.org/

2009/1/27 mgk.mailing <mgk.mailing () googlemail com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi
>
> That sound like the user-auth feature on juniper firewalls, you telnet /
> http to the target and once authenticated it allows you to ssh etc as
> per rules setup.  Its not great but a useful tool, as it opens up the
> policy to all at the source address of the successfully authenticated user.
>
> /Mgk
>
> Ong Chin Kiat wrote:
> > Hi list,
> >
> > I've recently used an SSH server that had an interesting authentication
> > mechanism. You first had to telnet to the machine on a certain port.
> > After doing this (it will just time out - no prompt), you then SSH to
> > the server in question. The telnet step has to be carried out, if not
> > SSH will just time out.
> >
> > My question is, is this called reflexive firewalling, and can I
> > duplicate this with iptables?
> >
> > Thanks.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkl/CA4ACgkQPxFiS6Ou+MyiogCeMiVXnG4GyhlAXPkr7kwHu7Wy
> uB0AmgMJiUTMXZBRB5TF23Ds8rA1UGWo
> =eKXO
> -----END PGP SIGNATURE-----



-- 
Saludos,
     Gustavo Castro Puig.
     E-Mail: gcastrop () gmail com

LPI Level-1 Certified (https://www.lpi.org/es/verify.html
LPID:LPI000042304 Verification Code: hp6re8w5qg )
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o?
K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++
D++ G++ e++ h--- r y+++
------END GEEK CODE BLOCK------
Registered Linux User #69342