Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
RE: Port-Knocking vulnerabilities?
Jan 06 2008 04:49AM
Craig Wright (Craig Wright bdo com au)
I admit I have not looked at fwknop, so I will withhold comment until I have. It is not port knocking, so the issues there do not apply.
The idea of these servers being undetectable is a falacy. SPA still leaves itself open to diagnostics for detection. Timing differences give away that...
[ more ]
Copyright 2010, SecurityFocus