Recent Advances in Single Packet Authorization

Michael Rash

Single Packet Authorization (SPA) is a security technology whereby vulnerable services are protected behind a default-drop packet filter and temporary client access is granted via passive means. This talk will present recent advances in the open source "fwknop" SPA project, including clients for Android and the iPhone, support for the PF firewall on OpenBSD, the ability to seamlessly integrate SPA into cloud computing environments with the new FORCE_NAT mode, and the deployment of fwknop on embedded systems with limited computing resources. In addition, some discussion will be devoted to other SPA implementations and the various tradeoffs that must be made by any project that provides either port knocking or SPA functionality.