On 16 feb 2010, at 11.35, Bret S. Lambert wrote:

> On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sjöholm wrote:
>>
>> On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
>>
>>>>> There is a way to do port knocking in pf without any external help. Maybe
>>>>> you can figure it out. I will not give more hints since port knocking is a
>>>>> dumb idea better spend your time reading on authpf(8).
>>>>>
>>>>> --
>>>>> :wq Claudio
>>>>>
>>>>
>>>> How do you use authpf from an iPhone or similar...
>>>>
>>>> The reason is to use an RSS reader that cannot authenticate. I want some sort
>>>
>>> An RSS reader that can't authenticate, but can ping a series of TCP/IP ports?
>>
>> Where did you get that from? I didn't say it could... No but all devices with an RSS client, even phones, have a web browser that can have a bookmarked IP and obscure port.
>>>
>>>> of security for it even though it's not critical. Therefore I want to just have
>>>     ^^^^^^^^
>>> That word you keep using...I don't think it means what you think it means.
>>> Unless you've got a mechanism to randomize the ports on every port-knocking
>>> attempt, you're essentially using a plaintext password on the internet.
>>>
>>
>> None said anything about a password.. From where did you get that?
>
> I said that you're *essentially* using a plaintext password, not that
> you're *actually* using a plaintext password. My meaning was that you're
> effectively using a security model that's been known to be bad for as
> long as I've been in the tech industry.
>
>> forcing the clients to first open their browser and access a
>> specific IP and a specific port.
>
> Yes, because those are impossible for an attacker to guess.
>
>> But again, the data is not that critical.
>
> Then why care about "security" at all?
>
>> And it's not likely they will guess the link.
>
> Congratulations; I'm actually at a loss for words after reading that.

See my post to Peter H. You obviously have not worked with security and the tradeoffs you _always_ have to make. If you don't have anything to come up with, don't bother to post.

/Per-Olov