fwknop

All -> Internet & Networking -> Firewalls All -> Security -> Firewalls
fwknop Not Rated
Description fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports both iptables on Linux systems and ipfw on FreeBSD and Mac OS X systems) and libpcap. SPA requires only a single encrypted packet in order to communicate various pieces of information including desired access through a firewall policy and/or complete commands to execute on the target system. By using a firewall to maintain a "default drop" stance, the main application of fwknop is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. With fwknop deployed, anyone using nmap to look for sshd can't even tell that it is listening; it makes no difference if they have a 0-day exploit or not. The authorization server passively monitors authorization packets via libcap and hence there is no "server" to which to connect in the traditional sense. Access to a protected service is only granted after a valid encrypted and non-replayed packet is monitored from an fwknop client.


Home Page: http://www.cipherdyne.org/fwknop/


Interface: Command Line

Rating: Not Rated (0 votes)

Upload Screenshots

Images must be in GIF, JPG, or PNG formats and can be no larger than 2 MB. Only one file can be uploaded at a time. A description can be included, but it is optional.

Submit Web Links

Submit the title and link (including http://) to an article pertaining to fwknop and it will appear in the Web Links section of the right banner. Contact us here if an entry needs to be removed.

» login or register to write a review

Linux App Finder

User login

Categories

Recent blog posts

Learn More

Who's online

Online users

Subscribe

Advertisement

Web Links

Recent comments

Active forum topics