**** BEGIN LOGGING AT Wed Mar 16 02:59:58 2016 Mar 16 14:39:29 freemangordon: ^^^ https://gnunet.org/kirsch2014knock in KP? Mar 16 14:39:41 worthwhile Mar 16 16:20:25 ~tell xes about flashing Mar 16 17:58:13 DocScrutinizer05: i don;t see the patch Mar 16 17:59:54 freemangordon: dunno, the master thesis has code snippets, maybe they didn't check them in to git separately Mar 16 18:01:22 Parabola GNU/Linux is the only distro I know that provides it Mar 16 18:02:21 hellekin: ^^^^ Mar 16 18:05:47 hard to believe there's no git for that Mar 16 18:06:18 https://gnunet.org/sites/default/files/ma_kirsch_2014_0.pdf p.20 ff are snippets Mar 16 18:10:11 https://github.com/useidel/knock/find/master Mar 16 18:15:23 https://lwn.net/Articles/628279/ Mar 16 18:19:53 https://wiki.parabola.nu/Knock Mar 16 18:36:29 it's a tad annoying that OpenSSH doesn't work with the LD_PRELOAD libknockify Mar 16 18:37:54 maybe a security feature of SSH Mar 16 18:43:13 DocScrutinizer05: surely you could just use ProxyCommand Mar 16 18:43:30 with nc Mar 16 18:43:34 or some specialized client Mar 17 00:58:04 Package tcllib is not available, but is referred to by another package. Mar 17 00:58:04 This may mean that the package is missing, has been obsoleted, or Mar 17 00:58:04 is only available from another source Mar 17 00:58:08 no tcllib for n900? Mar 17 00:59:13 21:36:29] it's a tad annoying that OpenSSH doesn't work with the LD_PRELOAD libknockify Mar 17 00:59:13 i wonder why isn't this done on the iptables level, using insane hacks like LD_PRELOAD instead Mar 17 01:56:41 well, the sequence number needs to be consistent Mar 17 01:57:40 and LD_PRELOAD is a rather sane hack to set some now flag bits of a systemcall to 1 Mar 17 01:57:51 sequence number? Mar 17 01:57:57 s/now/new/ Mar 17 01:57:57 DocScrutinizer05 meant: and LD_PRELOAD is a rather sane hack to set some new flag bits of a systemcall to 1 Mar 17 01:58:04 SQN Mar 17 01:58:15 https://gnunet.org/sites/default/files/ma_kirsch_2014_0.pdf Mar 17 01:58:44 wow 66 pages about port knocking Mar 17 01:59:14 much secrecy Mar 17 01:59:15 2 Background Mar 17 01:59:22 googled that already Mar 17 01:59:45 SEQ. not SQN Mar 17 02:00:25 page 3 Mar 17 02:01:28 and page 11 Mar 17 02:01:48 you usually don't have access to sequence number Mar 17 02:02:16 neither on originating nor on reply side Mar 17 02:03:19 >> As TCP Stealth is to be stealthy, it is obvious that the TCP SYN used by TCP Stealth may not structually deviate from ordinary TCP SYN packets. Comparing the TCP header fields (see Figure 27) with their predefined values and meanings according to RFC793 [24] it follows that only the sequence number can be used in order to covertly transmit in- formation<< Mar 17 02:05:21 the purpose of "knock" is to hide services from any portscans like done on a regular global basis by NSA et al Mar 17 02:06:08 no nmap will disclose your SSH service running on port 22 Mar 17 02:07:04 the SYN TCP paket only succeeeds when the stealth token in SEQ is transferred to the server Mar 17 02:08:07 any rogue adversary will think the port is closed **** ENDING LOGGING AT Thu Mar 17 02:59:58 2016