
The port knocking Perl prototype is licensed under the GPL license.
Perl prototype: v0.30 (2004-Nov-14 18:59): new Net::Pcap support added to sniff packets directly

Firewall Primer
This section introduces the idea of communication ports and firewalls at a very introductory level. If you are familiar with TCP/IP and firewalls, you can skip past this section and go straight to the details of the port knocking implementation. This introduction is not a technical document and is targeted at a non-technical audience: novice computer users and administrators.
Filtering

Filtering incoming traffic by IP address can minimize a server's exposure to connections from untrusted IP ranges or from IPs of computers known to originate or mediate hack attempts. IP filtering can be used to
Figure 6 illustrates a typical scenario in which IP filtering is useful. If a known network is found to harbour malevolent users (sipping espressos and trying to penetrate and exploit systems - maybe yours!), filtering all incoming traffic from the network will deflect the aggression to other systems. After all, a lot of internet security is about making yourself less of a target than the computer next-IP to you. This method works very well if (a) you know exactly on which network(s) these espresso junkies (no flames please - I love espresso) reside, and (b) they are stationary and do not change IP addresses or break into hosts which your firewall does not filter.
Figure 6 | A possible scenario motivating the use of IP filtering. Two remote locations house trusted users, indicated by green hats, and malevolent users, shown by red hats. If you can map the malfeasants to a set of IP addresses, blocking incoming traffic from these IPs will reduce the risk of attack. In this example, the bad guys cannot connect to port 110.
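As an added example, not part of this page or of the port knocking prototype, here is a small Python model of the first-match filter logic behind Figure 6. The networks, addresses and the use of port 110 are constructed sample values; the last case shows caveat (b), that the filter trusts addresses, not people.

```python
# Added example (not from the page): a minimal first-match packet filter
# that models the Figure 6 scenario. All networks/addresses are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional, List


@dataclass(frozen=True)
class Rule:
    action: str             # "ACCEPT" or "DROP"
    src: str                # source network in CIDR notation
    dport: Optional[int]    # destination port, or None for any port


# Constructed rule set: drop the "espresso bar" network outright, allow the
# trusted office network to reach POP3 (port 110), deny everything else.
RULES: List[Rule] = [
    Rule("DROP",   "203.0.113.0/24",  None),   # known-bad network, any port
    Rule("ACCEPT", "198.51.100.0/24", 110),    # trusted network -> POP3
    Rule("DROP",   "0.0.0.0/0",       None),   # default policy: deny
]


def match(rule: Rule, src_ip: str, dport: int) -> bool:
    """True if the packet's source address and destination port fit the rule."""
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
    return in_net and (rule.dport is None or rule.dport == dport)


def filter_packet(src_ip: str, dport: int, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule.

    First match wins, so rule order matters just as it does in a real
    firewall: the bad-network DROP must precede the trusted ACCEPT.
    """
    for rule in rules:
        if match(rule, src_ip, dport):
            return rule.action
    return "DROP"  # unreachable with the catch-all rule; kept as a safe default


if __name__ == "__main__":
    # Figure 6: a trusted user reaches port 110, the bad guys are blocked.
    print(filter_packet("198.51.100.7", 110))    # ACCEPT
    print(filter_packet("203.0.113.9", 110))     # DROP
    print(filter_packet("198.51.100.7", 22))     # DROP (only 110 is allowed)
    # Caveat (b): an attacker who breaks into a host on the trusted network
    # is indistinguishable from a trusted user, so the filter lets them in.
    print(filter_packet("198.51.100.200", 110))  # ACCEPT
```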
last updated 2004-Apr-05 16:58