Quoting Gerald Combs gerald@ethereal.com:
There's also "port knocking": http://www.portknocking.org/ . In order for the firewall to open up port 22, you would have to send a special sequence of packets, e.g. attempt to connect to a specific combination of ports in a specific order.
What is the current thinking on port knocking? When I first heard about it, I thought it sounded like an interesting idea. Keep your ports closed unless someone knocks on various ports in some preprogrammed order, and then fire up the service for that particular IP address, etc.
It does add an additional layer and it's all about layers, right?
How complicated can port knock sequences be? Can you do 1024 or more seemingly random knocks on a variety of ports in fairly short order? Can the client and the host be programmed to use key pairs so the knock sequence is not the same every time?
-- Dave Hull http://insipid.com
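The rotating-sequence idea raised above can be sketched in code. The following is an added example written for this page; it is not code from portknocking.org or from anyone in the thread. It assumes a shared secret (rather than the key pairs asked about) and derives a fresh knock sequence from HMAC-SHA256 over a 30-second counter, so the sequence is different every window and a captured sequence cannot simply be replayed. The names (`KnockDaemon`, `knock_sequence`, `SECRET`, the port range and window length) and the sample addresses are hypothetical; a real daemon would additionally need to see SYNs to closed ports, via a firewall log or pcap, and to expire per-source state.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

# Hypothetical parameters, constructed for this example.
SECRET = b"example-shared-secret-not-for-production"
KNOCK_LEN = 4                  # knocks per sequence
PORT_MIN, PORT_MAX = 10000, 60000  # range reserved for knocks (no real listeners)
WINDOW_SECONDS = 30            # how often the sequence rotates


def knock_sequence(secret, counter, length=KNOCK_LEN):
    """One-time knock sequence for a time counter: HMAC-SHA256(secret, counter),
    consumed two bytes at a time and mapped into [PORT_MIN, PORT_MAX].
    Consecutive duplicate ports are skipped because a retransmitted SYN to the
    same port is indistinguishable from a second knock on that port."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    ports, i = [], 0
    while len(ports) < length:
        if i + 2 > len(digest):            # keystream exhausted: extend it
            digest += hmac.new(secret, digest, hashlib.sha256).digest()
        port = PORT_MIN + struct.unpack(">H", digest[i:i + 2])[0] % span
        i += 2
        if ports and ports[-1] == port:
            continue
        ports.append(port)
    return ports


class KnockDaemon:
    """Server side: track the last KNOCK_LEN distinct knocks per source and open
    when they match the sequence for the current or previous window."""

    def __init__(self, secret, window=WINDOW_SECONDS):
        self.secret = secret
        self.window = window
        self.progress = defaultdict(list)  # src_ip -> recent knock ports
        self.used = set()                  # counters already redeemed (anti-replay)
        self.opened = set()                # sources currently granted access

    def _candidates(self, now):
        c = int(now) // self.window
        return [c, c - 1]  # accept the previous window too, to tolerate clock skew

    def observe(self, src_ip, dst_port, now):
        """Feed one observed SYN (src_ip -> dst_port). Returns True when it completes
        a valid sequence and src_ip is opened."""
        seen = self.progress[src_ip]
        if seen and seen[-1] == dst_port:
            return False  # SYN retransmit of the previous knock: ignore
        seen.append(dst_port)
        del seen[:-KNOCK_LEN]  # keep only a sliding window of the last N knocks
        for counter in self._candidates(now):
            if counter in self.used:
                continue  # this window's sequence was already redeemed
            if seen == knock_sequence(self.secret, counter):
                self.used.add(counter)
                self.opened.add(src_ip)
                seen.clear()
                return True
        return False


def run(daemon, src_ip, ports, now):
    """Replay a list of knocks from one source; True if any of them opened the port."""
    return any([daemon.observe(src_ip, p, now) for p in ports])


def demo(now=1_700_000_000):
    """Constructed scenarios showing what the scheme accepts and rejects."""
    counter = int(now) // WINDOW_SECONDS
    client = knock_sequence(SECRET, counter)
    results = {}

    daemon = KnockDaemon(SECRET)
    # Honest client whose second knock's SYN is retransmitted once.
    stream = [client[0], client[1], client[1], client[2], client[3]]
    results["valid"] = run(daemon, "203.0.113.7", stream, now)
    # An observer replays the same sequence within the same window.
    results["replay"] = run(daemon, "198.51.100.9", client, now)
    # Right ports, wrong order.
    results["wrong_order"] = run(KnockDaemon(SECRET), "203.0.113.7", list(reversed(client)), now)
    # A client whose clock is one window behind is still accepted.
    previous = knock_sequence(SECRET, counter - 1)
    results["previous_window"] = run(KnockDaemon(SECRET), "203.0.113.7", previous, now)
    # The next window uses a different sequence.
    results["rotates"] = knock_sequence(SECRET, counter + 1) != client
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The sequence length is a free parameter: a longer sequence costs the client more round trips and gives an observer more packets to capture, while the per-window rotation and the redeemed-counter set are what actually stop a captured sequence from being reused.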