(github.com)

67 points xlmnxp | 1 comments | 22 Oct 25 08:37 UTC | HN request time: 0s | source

Show context

tptacek ◴[22 Oct 25 13:01 UTC] No.45668433[source]▶

I will never, ever understand this "single-packet authentication" "port knocking" fetish. It has never made sense. Bin it, along with fail2ban, and just set up WireGuard.

Your network authentication should not be a fun game or series of Rube Goldberg contraptions.

replies(7): >>45668640 #>>45668974 #>>45669023 #>>45672079 #>>45672470 #>>45673304 #>>45676649 #

hatradiowigwam ◴[22 Oct 25 13:38 UTC] No.45668974[source]▶

>>45668433 #

Fail2ban is not in the same realm as port knocking, and to "bin it" would be foolish security posture at best, and negligent at worst.

replies(2): >>45669348 #>>45669979 #

mdhb ◴[22 Oct 25 14:03 UTC] No.45669348[source]▶

>>45668974 #

I’m not super familiar with the intricacies of fail2ban and don’t currently understand why op made that claim but would very much like to know more because he is talking about a topic he is highly regarded for and I respect that. I just don’t have the context.

replies(2): >>45670625 #>>45671161 #

1. ◴[22 Oct 25 16:01 UTC] No.45671161[source]▶

>>45669348 #

↑

Knocker, a knock based access control system for your homelab