:: Re: [Dng] Hardened Devuan (was Re: …
Author: Adam Borowski
Date:  
To: dng
New-Topics: Re: [Dng] Hardened Devuan
Subject: Re: [Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
On Fri, Mar 06, 2015 at 03:19:29PM -0300, hellekin wrote:
> *** I'm so happy to see this group. I've been using this kernel lately,
> running on Parabola:
>
> 3.14.34-gnu-201502271838-1-lts-grsec-knock
>
> GRSecurity, and Knock support. Knock is a kernel patch that enables
> single packet port knocking [0], thwarting common scanning attacks. I
> would love to see this running on Devuan. Parabola GNU/Linux was the
> first distro to deploy it, and I've been using it happily with SSH.


It looks like Knock breaks everything TCP SQN is used for, including even
such basics as packet retransmission/duplication detection. I've read the
LKML discussion to see if I'm missing something, but apparently, I'm not.

As such, I'd say Knock has no place on a distribution kernel.

--
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.