On Sat, Apr 21, 2007 at 07:43:23AM +0300, Nick Demou wrote:
> On 4/21/07, Jeff D <[EMAIL PROTECTED]> wrote:
> >On Fri, 20 Apr 2007, Nick Demou wrote:
> >[...]
> >>
> >> Any other idea of simple measures that will keep as many attackers
> >> away from the one and only service that is listening to the Internet?
> >> [...]
> >
> >I'm not sure if this fits what you are looking for or not:
> >http://www.cipherdyne.org/fwknop/
> >
> >This does single packet authentication, you send a specially crafted packet
> >to the server, through a client app though, and it opens up the firewall
> >for you for a specified amount of time and closes it back up after you
> >are done.
>
> Thanks, it's what I was looking for. Although it does have the
> drawback of requiring a special client to knock the server as you
> noted. This, however, is the side effect of making the implementation
> much more robust and not relying on security by obscurity. To be
> honest I prefer the convenience of connecting without a special client
> but I already thought of an easy way to make fwknop ... less secure
> (always easier than the opposite :)

Despite being security-through-obscurity, it *is* possible to run https
and ssh on the same port, via a proxy:

http://sourceforge.net/projects/ssh-ssl-proxy/

It is not designed for what you have in mind - but at least casual
scanners could well see an https server instead of SSH...

Disclaimer: yes: I wrote it. This is blatant advertising.

Hope it's useful
--
Karl E. Jorgensen
[EMAIL PROTECTED] http://www.jorgensen.org.uk/
[EMAIL PROTECTED] http://karl.jorgensen.com
==== Today's fortune:
Just when you thought you were winning the rat race, along comes a faster rat!!