lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 20 Aug 2014 11:07:24 +0200
From:	Alexander Holler <holler@...oftware.de>
To:	Hagen Paul Pfeifer <hagen@...u.net>
CC:	Eric Dumazet <eric.dumazet@...il.com>,
	Christian Grothoff <grothoff@...tum.de>,
	Jacob Appelbaum <jacob@...elbaum.net>,
	Andi Kleen <andi@...stfloor.org>,
	Stephen Hemminger <stephen@...workplumber.org>,
	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org,
	knock@...net.org
Subject: Re: [PATCH] TCP: add option for silent port knocking with integrity
 protection

Am 20.08.2014 10:24, schrieb Hagen Paul Pfeifer:
> On 19 August 2014 21:36, Alexander Holler <holler@...oftware.de> wrote:
>
>> It doesn't have to work in every environment and it doesn't have to solve
>> all existing problems in the world. ;)
>>
>> But it enables people to protect a bit more against malicious people or
>> governments.
>>
>> And it is really very easy to use. It took me around half an hour to find
>> the places in openvpn and openssh where I had to add the setsockopt() call
>> and it can be used even easier with preloading libknockify.so.
>>
>> There can be found much more useless options in the kernel. At least I like
>> it and it fits my needs too.
>
> It's not about to add another "useless options", it's about changing
> the major transport protocol. You should probably join the IETF
> tcpm/tcpinc mailing list where TCP stealth is currently actively
> discussed. TCP stealth has problems and you can probably help to
> address them on a *technical level* if you like the mechanism.

As written above, it doesn't have to be perfect and it doesn't have to 
work in every environment.

And I didn't say it is useless. At least that was not my intention (I'm 
no native english speaker). In fact I find it very useful. Such useful 
that I would like it to be already  included in the kernel. It doesn't 
do any harm if disabled, besides a few more lines of (unused) source 
code. Thats why I've written my mail (to support inclusion).

For sure it could be better, but I'm already happy with the current 
imperfect solution which I can use now and not some perfect solution 
which might be available in some years.

Regards,

Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists