I read in the June 03 Sys Admin magazine about Portknocking. The basic idea involves using a firewall and log watcher to respond in a user-defined manner to sequences of connection attempts to closed ports. For example, connections to ports 100, 102, 101, and 201 mean "open up secure shell for the source IP address." This is really a twist on the idea of covert channels, but it has lots of possibilities -- including an attacker who brute forces the system to gain access. It's still a neat idea.
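A sketch of the log-watcher half of this idea, as an added example rather than code from the magazine article: it tracks each source IP's progress through the knock sequence 100, 102, 101, 201 and counts out-of-sequence knocks, which is the signal to alert on for the brute-force concern. The log line format, the 10-second window, the `watch` function and the sample addresses are assumptions made for the illustration.

```python
import re
from collections import defaultdict

KNOCK_SEQUENCE = [100, 102, 101, 201]   # the sequence used as the example in the post
WINDOW_SECONDS = 10                     # assumption: the whole sequence must arrive within this window
# Assumed firewall log format: "<epoch seconds> DROP SRC=<ip> DPT=<port>"
LINE_RE = re.compile(r"^(\d+) DROP SRC=(\S+) DPT=(\d+)$")

# Constructed sample log (documentation addresses), not real traffic.
SAMPLE_LOG = """\
1000 DROP SRC=192.0.2.10 DPT=100
1001 DROP SRC=192.0.2.10 DPT=102
1002 DROP SRC=192.0.2.10 DPT=101
1003 DROP SRC=192.0.2.10 DPT=201
1000 DROP SRC=198.51.100.7 DPT=100
1001 DROP SRC=198.51.100.7 DPT=101
1002 DROP SRC=198.51.100.7 DPT=201
2000 DROP SRC=203.0.113.5 DPT=100
2050 DROP SRC=203.0.113.5 DPT=102
"""

def watch(lines, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Return (sources that completed the sequence, out-of-sequence knocks per source)."""
    progress, failures, opened = {}, defaultdict(int), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # ignore lines that are not dropped-packet records
        ts, ip, port = int(m[1]), m[2], int(m[3])
        idx, start = progress.pop(ip, (0, ts))
        if ts - start > window:           # sequence took too long: start over
            idx, start = 0, ts
        if port == sequence[idx]:
            idx += 1
        else:
            failures[ip] += 1             # wrong or out-of-order knock: count it for alerting
            idx, start = (1, ts) if port == sequence[0] else (0, ts)
        if idx == len(sequence):
            opened.append(ip)             # a real watcher would add a firewall rule for ip here
        elif idx:
            progress[ip] = (idx, start)
    return opened, dict(failures)

if __name__ == "__main__":
    print(watch(SAMPLE_LOG.splitlines()))
```

Resetting progress on any wrong knock and bounding the time window both shrink what a guessing client can learn per attempt, and the per-source failure count gives the watcher something to rate-limit or alert on.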

The September 03 Sys Admin magazine is available, with the title "Security." I don't see how this is different from June's "Security" issue, but I like to see that much attention given to the subject.

Is anyone else attending the Recent Advances in Intrusion Detection (RAID) conference in Pittsburgh next month? I'll be an attendee doing research for my book. The conference lasts from 8 to 10 Sep and is dirt cheap -- $300 until 15 Aug, $400 afterwards.

