Message-ID: <53F4654C.10101@ahsoftware.de>
Date: Wed, 20 Aug 2014 11:07:24 +0200
From: Alexander Holler <holler@...oftware.de>
To: Hagen Paul Pfeifer <hagen@...u.net>
CC: Eric Dumazet <eric.dumazet@...il.com>,
Christian Grothoff <grothoff@...tum.de>,
Jacob Appelbaum <jacob@...elbaum.net>,
Andi Kleen <andi@...stfloor.org>,
Stephen Hemminger <stephen@...workplumber.org>,
David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org,
knock@...net.org
Subject: Re: [PATCH] TCP: add option for silent port knocking with integrity
protection
On 20.08.2014 at 10:24, Hagen Paul Pfeifer wrote:
> On 19 August 2014 21:36, Alexander Holler <holler@...oftware.de> wrote:
>
>> It doesn't have to work in every environment and it doesn't have to solve
>> all existing problems in the world. ;)
>>
>> But it enables people to protect a bit more against malicious people or
>> governments.
>>
>> And it is really very easy to use. It took me around half an hour to find
>> the places in openvpn and openssh where I had to add the setsockopt() call
>> and it can be used even easier with preloading libknockify.so.
>>
>> There can be found much more useless options in the kernel. At least I like
>> it and it fits my needs too.
>
> It's not about to add another "useless options", it's about changing
> the major transport protocol. You should probably join the IETF
> tcpm/tcpinc mailing list where TCP stealth is currently actively
> discussed. TCP stealth has problems and you can probably help to
> address them on a *technical level* if you like the mechanism.

As written above, it doesn't have to be perfect and it doesn't have to
work in every environment.

And I didn't say it is useless. At least that was not my intention (I'm
no native English speaker). In fact I find it very useful. So useful
that I would like it to be already included in the kernel. It doesn't
do any harm if disabled, besides a few more lines of (unused) source
code. That's why I've written my mail (to support inclusion).

For sure it could be better, but I'm already happy with the current
imperfect solution which I can use now and not some perfect solution
which might be available in some years.

Regards,

Alexander Holler