knockd on Solaris 2.9

From: Craig Russell (crussell_1969@yahoo.com)
Date: Thu Jun 16 2005 - 21:59:50 EDT


I need a way to open up port 22 for sftp 'selectively'
on a web server to the internet.

Here is my situation:
webhosting that has been set up on an internal network
and designed to be accessed only via the internal
network. The assumptions have now been changed and I
need to allow outsiders to have access to upload web
content to the server. Unfortunately, the clients are
all DSL, cable users with dynamic IPs so I can't
restrict via IP (I could restrict via IP ranges but
most of the clients are using either Adelphia or
Verizon so they are pretty large ranges anyway). I've
already recompiled ssh to allow for a chroot'd
environment so that at least the accounts I'm handing
out are relatively benevolent if they are compromised
(one website, as opposed to potentially the whole
server) but I hate having to open up port 22 to the
internet.

In my searching I stumbled upon knockd as a potential
solution but I've never used it so I was just
wondering if anyone had had any experience with this
on a Solaris platform. If someone were to do a full
portscan against the machine they could figure out the
steps required to open the port, but not necessarily
the order and all I'm really trying to do is throw up
one more roadblock in the way of a potential hacker.

Any thoughts or alternative suggestions?

Thanks,

Craig Russell
AirDigitalNetwork.com
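
A simplified model of the ordered-knock check discussed in the message above, as an added example (not part of the original post and not knockd's own code). The knock ports, timeout, addresses and events are constructed, and the reset-on-wrong-port behaviour is an assumption of this model.

```python
# Simplified model of an ordered port-knock check; not knockd's source code.
# Ports, timeout, addresses and events below are constructed for illustration.
SEQUENCE = (7000, 9000, 8000)  # hypothetical knock ports, deliberately not ascending
SEQ_TIMEOUT = 5.0              # seconds allowed to finish the whole sequence


def opened_sources(events, sequence=SEQUENCE, timeout=SEQ_TIMEOUT):
    """Return source IPs that hit every knock port in order within the timeout.

    events: (timestamp, src_ip, dst_port) tuples for inbound TCP SYNs.
    Assumption of this model: a wrong knock port resets that source's progress.
    """
    knock_ports = set(sequence)
    state = {}   # src_ip -> (index of next expected port, time of first knock)
    opened = set()
    for ts, src, port in sorted(events):
        if port not in knock_ports:
            continue                      # the listener only watches knock ports
        idx, started = state.get(src, (0, ts))
        if idx == 0 or ts - started > timeout:
            idx, started = 0, ts          # fresh attempt, or the old one expired
        if port == sequence[idx]:
            idx += 1
        elif port == sequence[0]:
            idx, started = 1, ts          # wrong port that also begins a new attempt
        else:
            idx = 0
        if idx == len(sequence):
            opened.add(src)
            idx = 0
        state[src] = (idx, started)
    return opened


def sweep(src, start):
    """Constructed ascending sweep over ports 6990-9010, 1 ms per probe."""
    return [(start + i * 0.001, src, p) for i, p in enumerate(range(6990, 9011))]


def sample_events():
    client, slow = "198.51.100.7", "192.0.2.44"
    return ([(0.0, client, 7000), (1.0, client, 9000), (2.0, client, 8000)]
            + sweep("203.0.113.9", 20.0)
            + [(40.0, slow, 7000), (43.0, slow, 9000), (50.0, slow, 8000)])


if __name__ == "__main__":
    print(sorted(opened_sources(sample_events())))
```

In this model, the same sweep completes an ascending sequence such as 7000, 8000, 9000, so the ordering only adds a hurdle when the configured sequence is not monotonic.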


