'signature' filtering

Say that I am running a ssh server on port 22.
Normally, if you do
telnet servername 22
you get:
Connected to linux.private.net (xx.xx.xx.xx).
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1
.....

I'd like to be able to

1) set up filtering on my server so that only certain
connect packets are answered... IP Address filtering
is not enough. I want a special flag/trigger/bit/signature/etc
so that only certain machines get the connect message even
if they are all behind the same NAT device.

2) set up something on the initial connect from the client
to trigger #1 above.


Can you do this is TOS and packet mangleing or something else
with linux?

Thanks - jack

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson

Jack Snodgrass wrote:
> Say that I am running a ssh server on port 22.
> Normally, if you do
> telnet servername 22
> you get:
> Connected to linux.private.net (xx.xx.xx.xx).
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.9p1
> ....
>
> I'd like to be able to
>
> 1) set up filtering on my server so that only certain
> connect packets are answered... IP Address filtering
> is not enough. I want a special flag/trigger/bit/signature/etc
> so that only certain machines get the connect message even
> if they are all behind the same NAT device.
>
> 2) set up something on the initial connect from the client
> to trigger #1 above.
>
>
> Can you do this is TOS and packet mangleing or something else
> with linux?

Perhaps you search for something like port knocking

http://www.portknocking.org/


>
> Thanks - jack
>

--
Weill Philippe - Administrateur Systeme et Reseaux
CNRS Service Aeronomie - Universite Pierre et Marie Curie -
Tour 45/46 3e Etage B302 - 4 Place Jussieu - 75252 Paris Cedex 05 - FRANCE
Email(E-Mail Removed) | tel:+33 0144274759 Fax:+33 0144273776

> I'd like to be able to
>
> 1) set up filtering on my server so that only certain
> connect packets are answered... IP Address filtering
> is not enough. I want a special flag/trigger/bit/signature/etc
> so that only certain machines get the connect message even
> if they are all behind the same NAT device.
> 2) set up something on the initial connect from the client
> to trigger #1 above.
> Can you do this is TOS and packet mangleing or something else
> with linux?
I guess it depends on what you trying to do. You could set some TOS
bits on the client. Filtering would work as long as the NAT device and
everything else inbetween preserves them. There is nothing to stop
someone else on another machine from setting the TOS bits the same way -
if they know about the scheme, of course.
Another possibility is to have ssh do the authentication for you.
That's what it is designed to do, after all. The downside is that port
22 might appear open somewhere that you don't want it to...

On Tue, 22 Mar 2005 15:23:40 +0100, Philippe WEILL wrote:

>
>
> Jack Snodgrass wrote:
>> Say that I am running a ssh server on port 22.
>> Normally, if you do
>> telnet servername 22
>> you get:
>> Connected to linux.private.net (xx.xx.xx.xx).
>> Escape character is '^]'.
>> SSH-1.99-OpenSSH_3.9p1
>> ....
>>
>> I'd like to be able to
>>
>> 1) set up filtering on my server so that only certain
>> connect packets are answered... IP Address filtering
>> is not enough. I want a special flag/trigger/bit/signature/etc
>> so that only certain machines get the connect message even
>> if they are all behind the same NAT device.
>>
>> 2) set up something on the initial connect from the client
>> to trigger #1 above.
>>
>>
>> Can you do this is TOS and packet mangleing or something else
>> with linux?
>
> Perhaps you search for something like port knocking
>
> http://www.portknocking.org/
>

Thanks. I've never heard of that. That's the concept I want... now
I just have to implement it.

jack

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson