Perl prototype: v0.30
- pcaplib support added; daemon no longer requires firewall log file
2004-Nov-14 18:59 | ...more
new Net::Pcap support added to sniff packets directly ...more
This section introduces the idea of communication ports and firewalls at a very introductory level. If you are familiar with TCP/IP and firewalls, you can skip past this section and go straight to the details
of the port knocking implementation. This introduction is not a technical document and is targetted at a non-technical audience or novices computer users and administrators.
If the bad guys are smart - they often are - it will be just a matter of time before one of them either physically moves to an unfiltered computer, or breaks into an unfiltered computer and uses it as a trampoline for a lunge at your system. Take a look at Figure 7. There's a red hat at an unfiltered computer - oh oh.
Additionally, inconveniences arise when trusted users physically travel to filtered locations. If your firewall is very tightly configured, you may be blocking all but a few IPs for certain ports (e.g. telnet/23 or ssh/22). Users who frequently travel may require you to expend significant effort to keep the firewall rules current to track their location. In some cases, it may not be possible to know ahead of the which IP range these users are travelling to, or communicate the information once it is known.
Figure 7 | A security risk: an untrusted user (red hat) breaks into an unfiltered network, gaining ability to connect to your system. An inconvenience: a trusted user (green hat) physically travels to a location which is filtered by your firewall and can no longer connect.
last updated 2004-Apr-05 16:58