On Tue May 06, 2003 at 01:07:24PM -0500, Mark Edgington wrote:
> Hi,
> I'm not sure whether this idea has been considered or implemented
> anywhere, but I have been thinking about it, and believe it would provide a
> fairly high level of security for systems which only run a few public
> services. The gist of it is this:
> incorporate functionality into inetd/xinetd/rinetd which listens for a
> predefined sequence of connection attempts on certain ports. Upon noticing
> the correct sequence (as specified somewhere in the config file), it opens
> up certain ports (i.e. SSH) for a specified amount of time or for the next
> connection attempt only.
I remember discussing this topic a while ago in a German Usenet group. I didn't
reread the posts now, but all I remember is that it all resulted in "rubbish",
for a few reasons:

- You're using port connects as a means of password, and this password is
  usually unencrypted, thus can be watched by anyone on the net
- It's security by obscurity, and that usually doesn't work
- You're getting a new component in the user authentication, that just adds
  complexity without a real gain in security

I think the main goal should be to have only secure services on a server, and
not to disguise insecure ones in an obscure way. If you think SSH (or any other
component) is not trustworthy, just look for alternatives (or create them
yourself).

-- 
Michael Bergbauer <[EMAIL PROTECTED]>
use your idle CPU cycles - See http://www.distributed.net for details.
Visit our mud Geas at geas.franken.de Port 3333
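To make both sides of the exchange concrete, here is an added example (not code from either poster, and not part of any inetd/xinetd/rinetd implementation) that models the scheme Mark describes as a per-source state machine over a constructed connection-attempt log, and then shows the first objection Michael raises: the "password" is the sequence of destination ports, sent in the clear, so anyone who observed the legitimate knock can replay it and get the same port opened for themselves. The log format (`<epoch> SRC=<ip> DPT=<port>`), the knock sequence, the timeouts and all addresses are assumptions made for the example.

```python
"""Port-knock state machine plus replay demonstration (added example).

Assumptions (not from the thread): the secret is the ordered sequence
7000 -> 8000 -> 9000, all three knocks must arrive within KNOCK_WINDOW
seconds, a good knock opens TCP/22 for OPEN_DURATION seconds, and the
input is a constructed log of connection attempts in the form
"<epoch> SRC=<ip> DPT=<port>" (one attempt per line).
"""
import re
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence
KNOCK_WINDOW = 10.0                   # seconds from first to last knock
OPEN_DURATION = 30.0                  # seconds the protected port stays open
PROTECTED_PORT = 22

LOG_RE = re.compile(r"^(\S+)\s+SRC=(\S+)\s+DPT=(\d+)")


@dataclass
class KnockState:
    progress: int = 0      # how many knocks of the sequence have matched
    started: float = 0.0   # timestamp of the first matching knock


@dataclass
class Knockd:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = KNOCK_WINDOW
    open_for: float = OPEN_DURATION
    protected_port: int = PROTECTED_PORT
    states: dict = field(default_factory=dict)        # src -> KnockState
    opened_until: dict = field(default_factory=dict)  # src -> expiry time

    def observe(self, ts, src, dport):
        """Feed one connection attempt.

        Returns True only for an attempt on the protected port from a source
        whose knock is still valid; every other attempt returns False
        (the daemon would drop it, or treat it as a knock).
        """
        if dport == self.protected_port:
            return self.opened_until.get(src, 0.0) > ts

        st = self.states.setdefault(src, KnockState())
        # A partial sequence that took too long is discarded.
        if st.progress and ts - st.started > self.window:
            st.progress = 0
        if dport == self.sequence[st.progress]:
            if st.progress == 0:
                st.started = ts
            st.progress += 1
            if st.progress == len(self.sequence):
                self.opened_until[src] = ts + self.open_for
                st.progress = 0
        else:
            # Wrong port resets; a hit on the first port restarts the sequence.
            st.progress = 1 if dport == self.sequence[0] else 0
            st.started = ts
        return False


def analyse(log_lines):
    """Run the log through Knockd; return (ts, src, allowed) for each
    attempt on the protected port."""
    kd = Knockd()
    decisions = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, dport = float(m.group(1)), m.group(2), int(m.group(3))
        allowed = kd.observe(ts, src, dport)
        if dport == kd.protected_port:
            decisions.append((ts, src, allowed))
    return decisions


# Constructed log. 192.0.2.10 is the legitimate user, 203.0.113.7 a scanner
# guessing, 198.51.100.99 an on-path observer replaying the sniffed knock.
SAMPLE_LOG = """
100.0 SRC=192.0.2.10 DPT=7000
101.0 SRC=192.0.2.10 DPT=8000
102.0 SRC=192.0.2.10 DPT=9000
103.0 SRC=192.0.2.10 DPT=22
105.0 SRC=203.0.113.7 DPT=22
106.0 SRC=203.0.113.7 DPT=7000
107.0 SRC=203.0.113.7 DPT=9000
108.0 SRC=203.0.113.7 DPT=22
140.0 SRC=192.0.2.10 DPT=22
150.0 SRC=198.51.100.99 DPT=7000
151.0 SRC=198.51.100.99 DPT=8000
152.0 SRC=198.51.100.99 DPT=9000
153.0 SRC=198.51.100.99 DPT=22
200.0 SRC=192.0.2.10 DPT=7000
215.0 SRC=192.0.2.10 DPT=8000
216.0 SRC=192.0.2.10 DPT=9000
217.0 SRC=192.0.2.10 DPT=22
""".strip().splitlines()


if __name__ == "__main__":
    for ts, src, allowed in analyse(SAMPLE_LOG):
        print(f"{ts:6.1f} {src:15s} port {PROTECTED_PORT}: "
              f"{'ALLOW' if allowed else 'DROP'}")
```

The legitimate user gets in at t=103, is shut out again once the window expires (t=140), and fails when the knocks are spread over more than KNOCK_WINDOW seconds (t=200 to 217); the scanner never gets in. The observer at 198.51.100.99, who merely copies the three destination ports seen at t=100 to 102, is let in at t=153 exactly as the legitimate user was, which is the point of Michael's first objection: the port sequence is a reusable cleartext credential, and nothing in the scheme binds it to the party who was supposed to know it.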