Oops, forgot the reply behavior of this list!

Michael, don't reply to the direct mail as it will drop down a spam trap.

John

----- Forwarded message from John Trickey <lists@g4rev.supanet.com> -----

Date: Sat, 22 Feb 2003 15:55:42 +0000
From: John Trickey <lists@g4rev.supanet.com>
Reply-To: John Trickey <lists@g4rev.supanet.com>
Subject: Re: [suse-security] OpenSesamMe
To: GentooRulez <paranoiac_user@freenet.de>

Quoting GentooRulez <paranoiac_user@freenet.de>:
OpenSesamMe
Is there a tool out there that works as follows:
...etc...
Hi,

To be honest, you'd be better off using PPTP if coming from Windoze or IPSEC (FreeSWAN) if Linux. You can then firewall the resulting ppp* or ipsec* device to control access.

I have implemented something similar but regrettably the code is copyright a former employer :-( However in those days secure tunnels were not cheaply available.

Your proposal begs the question "when do I close the hole?". We solved this by establishing a connection that was open for the duration. It works as follows:

Nominate a port. Can be udp but tcp preferred. The port should be one that should not attract much attention.

  Client calls server
  Server issues challenge
  Client responds
  Server opens firewall, e.g. you drop into a jump to a pre-defined chain.
  After a timeout (60s/5m/or what you want) Server issues a new challenge
  Client responds.
  If no response, Server closes firewall

If tcp is used, you can also close firewall when connection drops.

Sorry, but I cannot release the port choice and challenge/response algorithm.

HTH

John

----- End forwarded message -----
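The exchange described in the message above, as an added example that is not part of the original post and not the poster's code. His challenge/response algorithm was not released, so HMAC-SHA256 over a random nonce with a pre-shared key is an assumption here, as are the names `Gatekeeper`, `respond`, `SHARED_KEY` and the `actions` list that stands in for the jump into a pre-defined firewall chain.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared secret, sample value

def respond(key: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the key without sending it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Gatekeeper:
    """Server side: tracks one client's lease on the firewall hole."""

    def __init__(self, key, client_ip, interval=60, grace=10):
        self.key, self.client_ip = key, client_ip
        self.interval, self.grace = interval, grace
        self.is_open, self.challenge = False, None
        self.deadline = None   # response due (challenge pending) or next re-challenge
        self.actions = []      # stand-in for the real firewall rule changes

    def issue_challenge(self, now):
        self.challenge = secrets.token_bytes(32)   # fresh nonce every round
        self.deadline = now + self.grace
        return self.challenge

    def handle_response(self, response, now):
        ok = (self.challenge is not None and now <= self.deadline
              and hmac.compare_digest(response, respond(self.key, self.challenge)))
        self.challenge = None                      # single use, so replays fail
        if not ok:
            self.close()
            return False
        if not self.is_open:
            self.is_open = True
            self.actions.append(("open", self.client_ip))
        self.deadline = now + self.interval        # when the next challenge is due
        return True

    def tick(self, now):
        """Call periodically: close on a missed response, re-challenge when due."""
        if self.challenge is not None and now > self.deadline:
            self.close()
        elif self.is_open and self.challenge is None and now >= self.deadline:
            return self.issue_challenge(now)
        return None

    def close(self):  # also call this when the TCP control connection drops
        if self.is_open:
            self.actions.append(("close", self.client_ip))
        self.is_open, self.challenge = False, None
```

Times are plain numbers passed in by the caller, so the lease logic can be exercised without waiting for real timeouts.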