fwknop-client | FireWall KNock OPerator client side | Mehr ...
The FireWall KNock OPerator implements an authorization scheme called Single Packet Authorization (SPA), based on Netfilter and libpcap. . Its main application is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. . This is the client program responsible for accepting password input from the user, constructing SPA packets that conform to the fwknop packet format, and encrypting packet data.
fwknop-server | FireWall KNock OPerator server side | Mehr ...
The FireWall KNock OPerator implements an authorization scheme called Single Packet Authorization (SPA), based on Netfilter and libpcap. . Its main application is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. . The authorization server passively listens for authorization packets via libcap, thus preventing any connections from being processed on the traditional port. Access to a protected service is only granted after a valid encrypted and non-replayed packet is detected.
