Phone: +65-8585-1750

Address: 30 Holland Close, Singapore

Ughh : OpenVZ and packet sniffing...

Sat, May 28, 2011 mdda OSS Blog Comments

Ughh : OpenVZ and packet sniffing…

Before you attempt to experiment with knockd and/or fwknop, Google around a little for venet0 and packet sniffing.

The virtualization of the interfaces by OpenVZ apparently mangles the IP headers for packet sniffers (like fwknop uses to listen to DROP’d packets). And they then fail to trigger the next step of cleverness (opening the SSH/22 port, for example).

i.e. : fwknop will not work on OpenVZ

Please let me know if I’m wrong : I would love to be…


blog comments powered by Disqus