Michael Rash, Security Researcher

Techno Security 2007 SPA Talk Slides

Techno Security SPA Talk Slides The Techno Security 2007 conference is over, and I gave a talk entitled "Zero-day Attack Prevention via Single Packet Authorization". The major emphasis of this talk was to demonstrate some of the new capabilities offered by the 1.8 release of fwknop, including the ability to run the fwknop client on a Windows 2000 system under Cygwin and authenticate to a Linux system running the fwknopd server. This demonstration was accomplished from a single Ubuntu Linux system with a Windows 2000 instance under Vmware to execute the fwknop client. New capabilities in fwknop that I did not have time to demonstrate are the ability to run the fwknopd server on systems that use the ipfw firewall (such as FreeBSD and Mac OS X), and the usage of gpg-agent (part of the GnuPG project) to acquire passwords associated with GnuPG keys. At some point it might be interesting to devote more time to giving a lengthy demonstration of various fwknop authentication modes and features. One additional note is that I have released fwknop-1.8.1 after the conference talk to address an issue with the usage of the ipfw "keep-state" option when fwknopd creates new rules to accept connections from valid fwknop client systems; here is the ChangeLog.

You can download a PDF of my presentation slides here.