michaelrash - Slashdot User

Submission + - Fwknop on OpenWrt and Android

Submitted by Jonathan P. Bennett on Thursday June 18, 2015 @10:18PM

Jonathan P. Bennett writes: Fwknop is a great way to maintain remote access into a network without leaving ports open, and now there are tools that make it much easier to use. We've put together a demonstration of how the newly released android client, fwknop2 (also on F-droid), can import encryption and HMAC keys using QR codes via the phone's camera, and provide nat access back into other devices on the internal network.
More information can be found on the Cipherdyne site or in my blog post on the matter.

Comment michaelrash (Score 1) 37

by michaelrash on Tuesday June 17, 2008 @12:24AM (#23818859) Attached to: Trending Low-Volume Google Searches with Gootrude

I have updated my original post to address some of the comments made here on Slashdot. Peer review is always good, and thank you all for the insights.

Submission + - Trending Low-Volume Google Searches - Introducing (cipherdyne.org)

Submitted by

michaelrash

on Monday June 16, 2008 @08:28AM

michaelrash writes: "The Google Trends project provides some visibility into how popular search terms like "Myspace" or "2008 Election" change over time and points out relevant news articles that create jumps in search volume. This is a handy tool, but there are many search terms that Google Trends does not display any results for. Such terms (such as "Linux Firewalls" — with the quotes) have insufficient search volumes to display graphs according to the error message that Google Trends generates. Fair enough. Google sets an internal threshold on search volume, and this threshold could be set for reasons that range anywhere from Google Trends is still experimental to Google not wanting to provide data on how it builds its massive search index for emerging search terms. Either way, I would like a way to see search term trends that Google doesn't currently make available to me. So, I've released an open source project called "Gootrude" to do just this. For the past year Gootrude has collected a set of low-volume search terms and interfaced with Gnuplot to visualize them."

Submission + - Port Forwarding via Single Packet Authorization (cipherdyne.org)

Submitted by

michaelrash

on Sunday April 06, 2008 @01:13PM

michaelrash writes: "Most port knocking or Single Packet Authorization implementations offer the ability to passively authenticate clients for access only to a locally running server (such as SSHD). That is, the daemon that monitors a firewall log or that sniffs the wire for port knock sequences or SPA packets can only reconfigure a local firewall to allow the client to access a local socket. For local servers, this works well enough, but suppose that you are on travel and that you ultimately want to access an SSH daemon that is running on an internal system with a non-routable IP? If the SPA software is deployed on a Linux gateway that is protecting a non-routable internal network and has a routable external IP address, it is inconvenient to first have to login to the gateway and then login to the internal system. The latest release of fwknop supports the automatic creation of iptables NAT rules to allow temporary access directly to internal systems by forwarding a connection on through the gateway system directly to an internal server. Such access is granted only after a valid SPA packet (i.e. non-replayed and encrypted either via a shared Rijndael key or via GnuPG) is passively sniffed off the wire. It is no longer necessary to login to the gateway system first and use it as a jump point for access to internal systems."

Slashdot Top Deals