-
tosh
Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code...
-
knockknock
A simple, secure, and stealthy port knocking implementation that does not use libpcap or bind to a socket interface.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
> Or is completely firewalled off from the world, and only accessible once you've authenticated yourself to your VPN. Or only reachable once you first authenticate (public/private keys, two factor crypto key auth, etc) to a bastion host, and then reach the system from the bastion.
There's a lot of attack surface in there. Port-knocking is supposed to be a way to reduce attack surface. It's a belt-and-suspenders approach to the reality that even fully patched openssh has exploitable bugs.
Using this tool, a MITM with an openssh 0day can just follow you in. KnockKnock [0] and tools like it do not suffer from this defect. This tool is conceptually similar to KnockKnock, using OTP instead of a monotonic counter. Using OTP opens it up to replay attacks.
https://github.com/moxie0/knockknock
Related posts
-
Alacritty – A fast, cross-platform, OpenGL terminal emulator
-
GPT-Burn: A simple and concise implementation of the GPT in pure Rust
-
Embd-rs: Read files or directories from the filesystem at runtime on debug, emb
-
Amber, programming language that compiles to Bash
-
Show HN: Auggie – bringing the GPT-4o desktop experience to Windows