linux.com Article on fwknop
21 May, 2008
At linux.com Bob Currier has written a featured article on fwknop. He gives a good overview of how Single Packet Authorization (SPA) is different from port knocking, and illustrates how to use fwknop to harden SSH communications. Here is a quote from the article:
Single packet authorization distills the essence of the port knocking concept down to
a single packet. Rather than sending a series of packets to predefined ports, single
packet authorization encodes the "knock" within the payload of one packet. Once a
proper key has been received, SPA applications modify firewall rules to allow access
to the authenticated host. We'll examine how this is accomplished by installing and
testing the Firewall KNock Operator, better known as fwknop.
There are several comments attached to the article from interested users, and additional discussion of both port knocking and SPA topics can be found at Sebastien Jeanquier's online forum.
