On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sj?holm wrote:
quoted text
> 
> On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
> 
> >>> There is a way to do port knocking in pf without any external help. Maybe
> >>> you can figure it out. I will not give more hints since port knocking is a
> >>> dumb idea better spend your time reading on authpf(8).
> >>> 
> >>> --
> >>> :wq Claudio
> >>> 
> >> 
> >> How do you use authpf from a IPhone or similar...
> >> 
> >> The reason is to use and RSS reader that cannot autenticate. I want some sort
> > 
> > An RSS reader that can't authenticate, but can ping a series of TCP/IP ports?
> 
> Where did you get that from? I didn't say it could... No but all devices with an RSS client, even phones, have a web browser that can have a bookmarked IP and obscure port.
> > 
> >> of security for it even though it's not critical. Therefor I want to just have
> >     ^^^^^^^^
> > That word you keep using...I don't think it means what you think it means.
> > Unless you've got a mechanism to randomize the ports on every port-knocking
> > attempt, you're essentially using a plaintext password on the internet.
> > 
> 
> None said anything about a password.. From where did you get that? 

I said that you're *essentially* using a plaintext password, not that
you're *actually* using a plaintext password. My meaning was that you're
effectively using a security model that's been known to be bad for as
long as I've been in the tech industry.

quoted text
> forcing the clients to first open their browser and access a
> specific IP and a specific port.

Yes, because those are impossible for an attacker to guess.

quoted text
> But again, the data is not that critical.

Then why care about "security" at all?

quoted text
> And it's not likely they will guess the link.

Congratulations; I'm actually at a loss for words after reading that.