In case, the "port knocking supervisor" keeps track of the knocking IP, then
finally the real proxy port is opened ONLY for this knocking IP.
So, unless you know how the port knocking is done correctly, you will not be
granted access to the real proxy port.
Practically secure, in case
- check for port scanning. Remember scanners IP
- detect port knocking IP
-IF scanners IP, deny access to any port
-Forward to real proxy port
and DNS/port rotation used.
I like it :-)
Although, with quite some effort, you might be able to be the succesful
intruder. (Or the GFW)
-- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-implement-access-control-using-connetcing-hostname-and-port-tp4666818p4666858.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Fri Jul 11 2014 - 14:49:24 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 11 2014 - 12:00:04 MDT