FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Fri, 13 Jun 2008
[ 03:43:51 edwin ] Original commit 
fwknop security files touched by this commit SPA implementation for Linux and FreeBSD
head/security/Makefile
New port: security/fwknop fwknop,"FireWall KNock OPerator", implements
Single Packet Authorization (SPA).

        fwknop stands for the "FireWall KNock OPerator", and
        implements an authorization scheme called Single Packet
        Authorization (SPA). This method of authorization is based
        around a default-drop packet filter (fwknop supports both
        iptables on Linux systems and ipfw on FreeBSD and Mac OS X
        systems) and libpcap.

        SPA requires only a single encrypted packet in order to
        communicate various pieces of information including desired
        access through an iptables policy and/or complete commands
        to execute on the target system. By using iptables to
        maintain a "default drop" stance, the main application of
        this program is to protect services such as OpenSSH with
        an additional layer of security in order to make the
        exploitation of vulnerabilities (both 0-day and unpatched
        code) much more difficult. With fwknop deployed, anyone
        using nmap to look for sshd can't even tell that it is
        listening; it makes no difference if they have a 0-day
        exploit or not. The authorization server passively monitors
        authorization packets via libcap and hence there is no
        "server" to which to connect in the traditional sense.
        Access to a protected service is only granted after a valid
        encrypted and non-replayed packet is monitored from an
        fwknop client (see the following network diagram; the SSH
        session can only take place after the SPA packet is monitored):

PR:             ports/118229
Submitted by:   Sean Greven <sean.greven@gmail.com>

Number of ports [& non-ports] in this commit: 2

show all files

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
bugzilla40*Apr 18
bugzilla40*Apr 18
bugzilla42*Apr 18
bugzilla42*Apr 18
bugzilla44*Apr 18
bugzilla44*Apr 18
curlApr 11
dbus-glibApr 11
libaudiofileApr 11
linux-f10-curlApr 11
linux-f10-dbus-glibApr 11
linux-f10-libaudiofileApr 11
linux-f10-nas-libsApr 11
linux-f10-openldapApr 11
mingw32-openssl*Apr 11

13 vulnerabilities affecting 18 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24362
Broken 174
Deprecated 86
Ignore 526
Forbidden 4
Restricted 263
No CDROM 108
Vulnerable 29
Expired 8
Set to expire 71
Interactive 22
new 24 hours 3
new 48 hours6
new 7 days17
new fortnight37
new month148


Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.