nuintari's rules of networking 0x2b:
Port knocking is a really annoying and roundabout way to put a weak numeric password in essentially plaintext in front of a service as a pre-connection requirement.
@nuintari yes, I am reminded of my some years old "Why Not Use Port Knocking" https://nxdomain.no/~peter/why_not_use_port_knocking.html (part of the "Hail Mary Cloud" sequence, summarized in https://nxdomain.no/~peter/hailmary_lessons_learned.html)
@pitrh @nuintari Colin Percival puts his own spiped in front of his sshd and I like this a lot. It’s less complicated than wireguard as a kernel module, and doesn’t run as root either. I had issues accessing servers at work today due to heavy ssh port scanning so I’ll need to implement some countermeasures this week anyway. Have you any preferred ways to deal with ssh connection saturation? FreeBSD has blocklistd integrated and that’s a pretty good addition, along with pf ofc.