Security Basics mailing list archives
Re: Reflexive firewalls?
From: Brian Ford <brford () cisco com>
Date: Tue, 27 Jan 2009 17:51:29 -0500
Ong, I believe you are talking about "port knocking" and not a reflexive firewall. For an example of a 'reflexive' type firewall Google for "reflexive ACL". Liberty, Brian On 1/27/09 8:11 AM, "mgk.mailing" <mgk.mailing () googlemail com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi That sound like the user-auth feature on juniper firewalls, you telnet / http to the target and once authenticated it allows you to ssh etc as per rules setup. Its not great but a useful tool, as it opens up the policy to all at the source address of the successfully authenticated user. /Mgk Ong Chin Kiat wrote:Hi list, I've recently used an SSH server that had an interesting authentication mechanism. You first had to telnet to the machine on a certain port. After doing this (it will just time out - no prompt), you then SSH to the server in question. The telnet step has to be carried out, if not SSH will just time out. My question is, is this called reflexive firewalling, and can I duplicate this with iptables? Thanks.-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl/CA4ACgkQPxFiS6Ou+MyiogCeMiVXnG4GyhlAXPkr7kwHu7Wy uB0AmgMJiUTMXZBRB5TF23Ds8rA1UGWo =eKXO -----END PGP SIGNATURE-----
Current thread:
- Re: Reflexive firewalls? mgk.mailing (Jan 27)
- Re: Reflexive firewalls? Gustavo Castro (Jan 27)
- R: Reflexive firewalls? Vega - Brunello Ivan (Jan 28)
- Re: Reflexive firewalls? Brian Ford (Jan 28)
- Re: Reflexive firewalls? Gustavo Castro (Jan 27)