Re: [PATCH] TCP: add option for silent port knocking with integrity protection

From: Alexander Holler
Date: Wed Aug 20 2014 - 05:07:59 EST


On 20.08.2014 10:24, Hagen Paul Pfeifer wrote:
> On 19 August 2014 21:36, Alexander Holler <holler@xxxxxxxxxxxxx> wrote:
>
>> It doesn't have to work in every environment and it doesn't have to solve
>> all existing problems in the world. ;)
>>
>> But it enables people to protect a bit more against malicious people or
>> governments.
>>
>> And it is really very easy to use. It took me around half an hour to find
>> the places in openvpn and openssh where I had to add the setsockopt() call
>> and it can be used even easier with preloading libknockify.so.
>>
>> There can be found much more useless options in the kernel. At least I like
>> it and it fits my needs too.
>
> It's not about to add another "useless options", it's about changing
> the major transport protocol. You should probably join the IETF
> tcpm/tcpinc mailing list where TCP stealth is currently actively
> discussed. TCP stealth has problems and you can probably help to
> address them on a *technical level* if you like the mechanism.

As written above, it doesn't have to be perfect and it doesn't have to work in every environment.

And I didn't say it is useless. At least that was not my intention (I'm no native English speaker). In fact I find it very useful. So useful that I would like it to be already included in the kernel. It doesn't do any harm if disabled, besides a few more lines of (unused) source code. That's why I've written my mail (to support inclusion).

For sure it could be better, but I'm already happy with the current imperfect solution which I can use now and not some perfect solution which might be available in some years.

Regards,

Alexander Holler