Linux Journal: Single Packet Authorization Mar 6, 2007, 10 :45 UTC (0 Talkback[s]) (3968 reads) (Other stories by Michael Rash)
"Countless pieces of software, protocols and complex interdependencies together form a system for which it is difficult to guarantee any particular property-particularly security. Even software specifically designed to enhance security can, at the behest of clever individuals armed with detailed knowledge, work to its detriment. Vulnerabilities have been discovered in all sorts of security software from firewalls to implementations of the Secure Shell (SSH) Protocol. For example, OpenSSH is developed by some of the most security-conscious developers in the world, and yet it occasionally contains a remotely exploitable vulnerability. This is an important fact to note because it seems to indicate that security is hard to achieve and, therefore, bolsters the case for a defense-in-depth approach. This article explores the concept of Single Packet Authorization (SPA) as a next-generation passive authentication technology beyond port knocking..."
