TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY


1 edit
reply to nwrickert
Re: Is Portknocking "Real" Security?

Does this help?

»www.portknocking.org/view/about/requirements

Edit:

Assuming you want to run the server on a specific IP and do not need to dynamically select the IP, you should be able to forward the port (you would need to anyway) to the firewalled server and then read the logs as they come into that server. So I assume "whose rules can be dynamically modified." is not absolutely needed for the router. I believe it needs to be able to log via syslog.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

said by TheWiseGuy:

Does this help?

From the linked reference, "Any *NIX host running IPCHAINS/IPTABLES is suitable."

However, most inexpensive broadband routers are not suitable. So this is mostly a geek technique, particularly for those enthralled by the gee-whiz nature of the methodology.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY

Not really, again if the router can log packets via syslog to the server machine, all you need to do is forward the Port to the firewalled server. The server then opens or closes its own port.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.
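
An added example, not part of the thread or of any poster's code: the arrangement TheWiseGuy describes above, where the router only logs packets via syslog and the firewalled server reads those lines and decides when to open its own port. The log format (iptables LOG style), the knock ports, the time window and the protected port are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret sequence
WINDOW = timedelta(seconds=10)       # whole sequence must arrive within this
PROTECTED_PORT = 22                  # hypothetical service behind the knock

# Assumed router log format: iptables-LOG-style lines relayed via syslog.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: .*?"
                     r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

def watch(lines, year=2009):
    """Return (source IP, port) openings the server would apply to its own firewall."""
    progress = {}  # src -> (knocks matched so far, time of first knock)
    opened = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog traffic
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, dpt = m["src"], int(m["dpt"])
        idx, started = progress.pop(src, (0, when))
        if when - started > WINDOW:
            idx, started = 0, when  # too slow: start over
        if dpt == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:  # a wrong port resets; it may itself begin a new attempt
            idx, started = (1 if dpt == KNOCK_SEQUENCE[0] else 0), when
        if idx == len(KNOCK_SEQUENCE):
            opened.append((src, PROTECTED_PORT))  # server would edit its own rules here
        elif idx:
            progress[src] = (idx, started)
    return opened

def sample_line(sec, src, dpt):  # builds one constructed log line
    return (f"Dec 10 22:40:{sec:02d} router kernel: KNOCK IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.10 PROTO=TCP SPT=51000 DPT={dpt} SYN")

SAMPLE_LOG = [sample_line(*e) for e in (
    (1, "203.0.113.7", 7000), (2, "203.0.113.7", 8000), (3, "203.0.113.7", 9000),  # valid knock
    (4, "198.51.100.9", 7000), (5, "198.51.100.9", 7001),  # scan-like: wrong port resets
    (6, "198.51.100.9", 8000), (7, "198.51.100.9", 9000),
    (10, "203.0.113.50", 7000), (15, "203.0.113.50", 8000), (25, "203.0.113.50", 9000),  # too slow
)]

if __name__ == "__main__":
    for src, port in watch(SAMPLE_LOG):
        print(f"open port {port} for {src}")
```

The wrong-port reset only rejects a sequential scan if the router logs every inbound attempt, not just the knock ports.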


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA


1 edit
reply to nwrickert
said by nwrickert:

However, most inexpensive broadband routers are not suitable. So this is mostly a geek technique, particularly for those enthralled by the gee-whiz nature of the methodology.

Ah, now I see where you're coming from. So if a security layer doesn't work on "inexpensive broadband routers" then it's essentially a toy technology? I think this illustrates why you're completely disjointed from those who are in support of this technology as a layer: you're thinking of things from a home/SOHO standpoint, and we're coming at it from a corporate perspective.

No offense to you, but this has largely been an enterprise discussion all along, so busting out now with "this doesn't work on my Linksys" isn't really a strong argument.

At any rate, can we agree that for corporate situations (where they're not likely to be using broadband routers) this is a decent layer? If so then I'll definitely agree that it might be overkill for the average home setup.
--
dmiessler.com -- grep understanding knowledge


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
said by Daniel:

So if a security layer doesn't work on "inexpensive broadband routers" then it's essentially a toy technology?

I never said that.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
said by nwrickert:

However, most inexpensive broadband routers are not suitable. So this is mostly a geek technique, particularly for those enthralled by the gee-whiz nature of the methodology.

--
dmiessler.com -- grep understanding knowledge


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

Industrial CISCO routers are not using IP tables either. And if the firewall were running on CISCO equipment at our work, there is no way our servers would be given access to the firewall logs on those routers.

I provided an example with the broadband routers. I didn't say that's the only example.

I used broadband routers as my example, because I had already commented on them earlier in an earlier post. What you wrote in response to that earlier post was wrong and insulting.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA

reply to Daniel
Ok, man, whatever...

I guess there's no convincing you of anything here despite how many disagree with you. If you want to think it's a waste of time, whiz-bang technology that adds complexity with no security benefit then so be it.

No hard feelings, man. Ultimately, in the grand scheme of things, it matters very little.

Cheers,

-Daniel
--
dmiessler.com -- grep understanding knowledge