[Leaplist] will this work with IPCop
Bryan J. Smith
b.j.smith at ieee.org
Fri Jan 11 00:55:50 GMT 2008
The approach is nothing new, it's used in SecureID keys. In fact,
the common rotation of using 1 minute shows there's little
originality here, as that's what SecureID keys use. ;)
Frankly, I don't think it will work because ...
- 1 minute is too short, even for commonly time synchronized systems
- A single goof gets you blacklisted
Now if it was loosened to 5 minutes and 3 goofs, that would be far
more useful and well aligned with common approaches.
Even better would be to employ a SecureID device to create the port
numbers. SecureID devices have 6 digits, so 3 digits could be the
last 3 digits of the original knock port, and the next 3 digits could
be the last 3 digits of the actual service port (after the knock).
Now that would work even better for most enterprises.
--
Bryan J. Smith Professional, Technical Annoyance
b.j.smith at ieee.org http://www.linkedin.com/in/bjsmith
------------------------------------------------------
Fission Power: An Inconvenient Solution
More information about the Leaplist
mailing list