The 0011 Blog

Now this is a good idea.  Security best practices define that in order to access a system, the user must know something, like username and password, and have something, traditionally something like a RSA SecurID keyfob, or smart card.  However, if you get to the authentication phase, you’ve already established a TCP connection to the server, which is a risk in of itself.

shimmer (via slashdot) is a project that requires you to have something, in this case, the shimmer client and public key of the server, to establish a TCP connection.  The server has a set of ports, and only one of them is forwarded to the real server daemon.  The port changes frequently, and to know which one will get you connected, you need the public key.  Connect to the wrong one, and your IP is banned.  Neat-o!