Comments on HolisticInfoSec™: Single Packet Authorization: The Ghost in the Machine
Blog author: Russ McRee (http://www.blogger.com/profile/05647342839278416757)
Feed updated: 2024-01-15T00:25:02.006-08:00

Anonymous, 2010-05-21T10:21:04.343-07:00:
Don't be silly, with modern wireless tech the pen team doesn't need to use the client's network to retrieve their script from their office. Unless they're inside a Faraday cage or something.

Russ McRee, 2010-01-07T14:00:34.241-08:00:
With SPA via fwknop you're only "authenticating" to iptables in essence. Once the firewall opens the given port for you and forwards the traffic to the appropriate service, normal authentication requirements still apply. Thus if you use SPA for SSH, you'll still need to authenticate to the service in addition to your SPA password.
The one-time connection I describe is for use via NetCat, not SSH.
Once the single connection is made, the listener is no more.

Anonymous, 2010-01-06T17:21:26.278-08:00:
Does it make sense to add an OTP (one time password) access layer after the ssh port is opened up by SPA?