:: Re: [Dng] Hardened Devuan (was Re: …
Top Pagina
Delete this message
Reply to this message
Auteur: Adam Borowski
Datum:  
Aan: dng
Nieuwe Onderwerpen: Re: [Dng] Hardened Devuan
Onderwerp: Re: [Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
On Fri, Mar 06, 2015 at 03:19:29PM -0300, hellekin wrote:
> *** I'm so happy to see this group. I've been using this kernel lately,
> running on Parabola:
>
> 3.14.34-gnu-201502271838-1-lts-grsec-knock
>
> GRSecurity, and Knock support. Knock is a kernel patch that enables
> single packet port knocking [0], thwarting common scanning attacks. I
> would love to see this running on Devuan. Parabola GNU/Linux was the
> first distro to deploy it, and I've been using it happily with SSH.


It looks like Knock breaks everything TCP SQN is used for, including even
such basics as packet retransmission/duplication detection. I've read the
LKML discussion to see if I'm missing something, but apparently, I don't.

As such, I'd say Knock has no place on a distribution kernel.

--
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.