
Martin Fowler's Gothic Hotel Model – How It Should Be Done - UltraDark
http://analysisdesignmatrix.com/ADM0002-0003-0009-0000-GothicHotel.html
======
retrogradeorbit
Who gave it such a ridiculous name? Trust Fowler to take something that's been
around for thirty years and give it a name that doesn't invoke any sense of
what it actually is.

This has been around since at least the 90s, but back then it was called port
knocking. I remember seeing an implementation in the 90s that required
different ICMP echo packet sizes (say 56, 64, 64, then 56 bytes) sent in order
for the system to unfirewall a particular service port for that incoming IP.

~~~
loopbit
Although I kind of share your anger at giving weird names to stuff that's been
there for decades[0], port knocking could be considered as just one specific
case of this pattern and not the general case.

What if we don't use different ports? Your example uses ICMP packets with
different sizes, not ports. What if you use something at the application layer
that doesn't require ports, maybe a sequence of (invalid) calls to separate
endpoints?

Personally, I don't care what it's called as long as everyone agrees on what it
is and here, again, I agree with you in that "Gothic Hotel" might not be the
best name.

[0] Just the other day I heard a plain-old FTP server described as "cloud-based storage service".

------
iaw
Can anyone dumb this down just a little?

~~~
BrentOzar
Simplified example: to open up access to a database server port, you’d have to
send specific packets in a specific sequence on specific ports. It’s kinda
like doing a secret knock on a series of doors in a neighborhood before an
entirely new door opens up in the side of a building.

And if you knock blindly on a few doors, the system knows you’re an intruder,
and no soup for you even if you stumble into the right knock sequence.

~~~
InvisibleCities
Maybe I am missing something, but wouldn't this be vulnerable to a man in the
middle attack?

~~~
solotronics
not if the sequence changes based on some predetermined pattern

~~~
InvisibleCities
Hmmmm. I don't know if I buy that. If the pattern is not cryptographically
secure, then you're still vulnerable to man in the middle, and if it is
cryptographically secure, wouldn't you get roughly the same security by just
doing standard SSH key based auth?

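The mechanism BrentOzar sketches a few comments up (knock on a set of ports in order, open the guarded port for that source on success, ban the source on a wrong knock even if it later stumbles onto the right sequence) together with the rotating sequence solotronics proposes, written out as one added example. This is not code from the thread or from Fowler's article; it is a simulation fed constructed knock events, so no sockets are opened and no firewall is touched. The constants (a 30-second rotation window, four knocks drawn from ports 10000-59999, port 1433 as the guarded service, a 10-minute ban, a 60-second open window), the shared secret, and the `knock_sequence`/`KnockDaemon` names are all assumptions chosen for the illustration.

```python
import hashlib
import hmac
import struct

# All constants below are assumptions chosen for the illustration.
WINDOW_SECONDS = 30                  # the knock sequence rotates every 30 s
SEQUENCE_LENGTH = 4                  # four knocks per sequence
PORT_LOW, PORT_HIGH = 10000, 60000   # knock ports are drawn from this range
PROTECTED_PORT = 1433                # the database port that a good knock opens
BAN_SECONDS = 600                    # a wrong knock bans the source for 10 minutes
OPEN_SECONDS = 60                    # a good knock opens the port for 60 s


def knock_sequence(secret: bytes, now: float) -> list[int]:
    """Derive the knock sequence for the current time window.

    The sequence is HMAC-SHA256(secret, window_index) cut into 16-bit
    chunks, each mapped into the knock-port range, so it changes every
    WINDOW_SECONDS and cannot be predicted without the secret.
    """
    window = int(now // WINDOW_SECONDS)
    digest = hmac.new(secret, struct.pack(">Q", window), hashlib.sha256).digest()
    span = PORT_HIGH - PORT_LOW
    return [PORT_LOW + int.from_bytes(digest[2 * i:2 * i + 2], "big") % span
            for i in range(SEQUENCE_LENGTH)]


class KnockDaemon:
    """Per-source-IP state machine guarding PROTECTED_PORT.

    Each source walks the sequence one knock at a time; completing it opens
    the port for that source, and a single wrong knock bans the source, so
    hitting the right sequence afterwards does not help.
    """

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.progress: dict[str, int] = {}        # ip -> index of next expected knock
        self.banned_until: dict[str, float] = {}  # ip -> time the ban expires
        self.opened_at: dict[str, float] = {}     # ip -> time the port was opened

    def knock(self, src_ip: str, dst_port: int, now: float) -> str:
        """Feed one knock (a packet from src_ip to dst_port) into the machine."""
        if self.banned_until.get(src_ip, 0.0) > now:
            return "banned"
        expected = knock_sequence(self.secret, now)
        idx = self.progress.get(src_ip, 0)
        if dst_port != expected[idx]:
            # Wrong door: drop any progress and ban the source.
            self.progress.pop(src_ip, None)
            self.banned_until[src_ip] = now + BAN_SECONDS
            return "banned"
        idx += 1
        if idx == SEQUENCE_LENGTH:
            self.progress.pop(src_ip, None)
            self.opened_at[src_ip] = now
            return "open"
        self.progress[src_ip] = idx
        return "partial"

    def allows(self, src_ip: str, dst_port: int, now: float) -> bool:
        """Would the firewall pass a packet from src_ip to dst_port right now?"""
        if dst_port != PROTECTED_PORT:
            return False
        opened = self.opened_at.get(src_ip)
        return opened is not None and now < opened + OPEN_SECONDS


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed for the demo
    daemon = KnockDaemon(secret)
    t = 990.0
    seq = knock_sequence(secret, t)
    # A client holding the secret derives the same sequence and knocks in order.
    for i, port in enumerate(seq):
        print(port, daemon.knock("10.0.0.5", port, t + i))
    print("10.0.0.5 may reach 1433:", daemon.allows("10.0.0.5", PROTECTED_PORT, t + 4))
    # A blind knocker is banned on the first miss and stays banned.
    wrong = PORT_LOW if seq[0] != PORT_LOW else PORT_LOW + 1
    print(daemon.knock("10.0.0.9", wrong, t))
```

The rotation only buys what InvisibleCities says it buys: an observer who captures the four knocks cannot derive next window's sequence without the secret, but can replay the same four knocks for the rest of the current window, and a legitimate client whose knocks straddle a window boundary gets itself banned. That is why later designs in this space fold a nonce and an HMAC into a single authorization packet rather than spreading a secret over several.

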
~~~
mannykannot
Isn't the point to have some defense in depth, so if there is a zero-day
exploit found for your SSH authentication, you are not wide open? In a way
like the grooves on a key for a pin-tumbler lock.

------
codeulike
People are discussing this in a security context, but that's not what it's
about. This article is about modelling and analysis and the 'gothic hotel'
model is just an interesting imaginary situation to try and analyse. And it's a
very useful example because it's a state machine.

