From: GentooRulez (paranoiac_user_at_freenet.de)
Date: Mon Feb 24 2003 - 09:36:36 CST


    > Hi,
    >
    > To be honest, you'd be better off using PPTP if coming from Windoze or IPSEC
    > (FreeSWAN) if Linux. You can then firewall the resulting ppp* or ipsec* device
    > to control access.

    I want a bidirectional communication to get the hole. My actual idea is to play
    with the source ports and simulate a connection to the server on an often used
    destination port, e.g. tcp 80, don't care whether an httpd is running there.
    This should look like "normal" traffic, I do not know where the advantage is yet :O)

    > Your proposal begs the question "when do I close the hole?". We solved this by
    > establishing a connection that was open for the duration. It works as follows:

    When I log myself out via .bash_logout, e.g.

    > Nominate a port. can be udp but tcp preferred. The port should be one that
    > should not attract much attention.
    > Client calls server
    > Server issues challenge
    > Client responds
    > Server opens firewall eg you drop into a jump to a pre-defined chain.
    > After a timeout (60s/5m/or what you want) Server issues a new challenge
    > Client responds. If no response, Server closes firewall
    > If tcp is used, you can also close firewall when connection drops.

    A time-out can be a good idea, e.g. my connection died before I closed the
    hole again.

    regards

    Michael

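The challenge/response scheme quoted in the message above, including the re-challenge timeout and the close on connection drop, sketched as server-side state. This is an added example, not code from the thread: the HMAC-SHA256 response format, the shared secret, the `Gate` class and the `KNOCK_OK` chain name are assumptions, and the iptables commands are recorded rather than executed.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-secret"  # assumption: pre-shared key (sample value)
CHAIN = "KNOCK_OK"                   # hypothetical pre-defined iptables chain

def answer(secret: bytes, challenge: bytes) -> bytes:
    """Client side: keyed MAC over the server's nonce (assumed response format)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class Gate:
    def __init__(self, client_ip: str, grace: float = 5.0):
        self.client_ip, self.grace = client_ip, grace
        self.open = False
        self.pending = None   # outstanding challenge, if any
        self.deadline = 0.0   # latest time an answer is accepted
        self.commands = []    # firewall commands, recorded instead of executed

    def challenge(self, now: float) -> bytes:
        """Issue a fresh nonce; call at connect and again after each timeout."""
        self.pending, self.deadline = os.urandom(16), now + self.grace
        return self.pending

    def respond(self, response: bytes, now: float) -> bool:
        expected = self.pending and answer(SECRET, self.pending)
        ok = (bool(expected) and now <= self.deadline
              and hmac.compare_digest(response, expected))
        self.pending = None   # each challenge is single-use, so replays fail
        if ok and not self.open:
            self._rule("-I")
        elif not ok:
            self.close()
        return ok

    def tick(self, now: float) -> None:
        """Run periodically: an unanswered challenge closes the hole."""
        if self.pending is not None and now > self.deadline:
            self.pending = None
            self.close()

    def close(self) -> None:
        """Also the handler for a dropped TCP connection."""
        if self.open:
            self._rule("-D")

    def _rule(self, op: str) -> None:
        self.open = op == "-I"
        self.commands.append(f"iptables {op} INPUT -s {self.client_ip} -j {CHAIN}")
```

Because the nonce is fresh for every challenge, a response captured from an earlier round fails the next one and the rule is removed.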