Re: [PATCH] TCP: add option for silent port knocking with integrity protection

[Hagen Paul Pfeifer]

On 19 August 2014 21:36, Alexander Holler <holler@xxxxxxxxxxxxx> wrote:

> It doesn't have to work in every environment and it doesn't have to solve
> all existing problems in the world. ;)
>
> But it enables people to protect a bit more against malicious people or
> governments.
>
> And it is really very easy to use. It took me around half an hour to find
> the places in openvpn and openssh where I had to add the setsockopt() call
> and it can be used even easier with preloading libknockify.so.
>
> There can be found much more useless options in the kernel. At least I like
> it and it fits my needs too.

It's not about to add another "useless options", it's about changing
the major transport protocol. You should probably join the IETF
tcpm/tcpinc mailing list where TCP stealth is currently actively
discussed. TCP stealth has problems and you can probably help to
address them on a *technical level* if you like the mechanism.

Hagen
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/