
MemeStreams Discussion



This page contains all of the posts and discussion on MemeStreams referencing the following web page: Port Knocking.

Port Knocking
by k at 2:26 pm EST, Feb 5, 2004

] This article presents a new security system, termed port
] knocking, in which trusted users manipulate firewall
] rules by transmitting information across closed ports.

[ i'm nothing like a security professional, but i seem to recall that there are a few people on this site who are ;) Thoughts? Is this a useful extra layer of security or does the complexity it adds to your firewall negate that?
it seems pretty damn smart to me, insofar as one more level of effort required to crack something is one level more than some people will be able to put forth. but then, again, i don't make a living either securing or cracking networks or systems, so... -k]


 
RE: Port Knocking
by Decius at 10:19 pm EST, Feb 5, 2004

inignoct wrote:
] [ i'm nothing like a security professional, but i seem to
] recall that there are a few people on this site who are ;)
] Thoughts?

While a creative idea, a 4 port "knock" across 256 ports is the equivalent of a 4 character password sent in the clear, and you could probably brute force it more quickly than a telnet login because there is no timeout wait between trials.

The "security" of this is based on the idea that no one knows you are doing it. Anyone targeting you would figure it out quickly, discover your key, and own you.

Even if you used a one time password scheme like S/KEY with this, I could wait for you to attempt to login, get three of the ports, then DOS attack you and then replay the sequence 256 times until I get the fourth port.

Accepting SSH connections to your machine and simply tunneling through it would be more secure because your password sequence wouldn't go in the clear. That also happens to be the standard remote VPN solution for linux firewalls.

Have a nice day. :)


Port Knocking
by Acidus at 3:05 pm EST, Feb 5, 2004

] Briefly, users make connection attempts to sequences of
] closed ports. The failed connections are logged by the
] server-side packet filtering firewall and detected by a
] dæmon that monitors the firewall log file. When a
] properly formatted knock sequence, playing the role of
] the secret used in the authentication, is received,
] firewall rules are manipulated based on the information
] content of the sequence. This user-based authentication
] system is both robust, being mediated by the kernel
] firewall, and stealthy--it's not possible to detect
] whether a networked machine is listening for port knocks.
] Port knocking does not require any open ports, and it can
] be extended to transmit any type of information encoded
] in a port sequence.

This is so very very cool
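
The log-watching daemon described in the quoted abstract, with a per-source lockout aimed at the "no timeout wait between trials" objection raised in the thread, as an added example that is not part of the thread or the original article. The port sequence, time window, lockout threshold and log line format are all assumptions made for this example.

```python
import re

# Assumed for this example: a 4-port secret, a 10 s window, lockout after 3 bad tries.
SEQUENCE = (1045, 1201, 1033, 1177)
WINDOW = 10
MAX_FAILURES = 3
LINE = re.compile(r"^(\d+) .*?SRC=(\S+) .*?DPT=(\d+)")

SAMPLE_LOG = [  # constructed lines: epoch time, source address, destination port
    "1075991161 DROP SRC=192.0.2.10 PROTO=TCP DPT=1045",
    "1075991162 DROP SRC=203.0.113.7 PROTO=TCP DPT=1000",
    "1075991162 DROP SRC=192.0.2.10 PROTO=TCP DPT=1201",
    "1075991163 DROP SRC=203.0.113.7 PROTO=TCP DPT=1001",
    "1075991163 DROP SRC=192.0.2.10 PROTO=TCP DPT=1033",
    "1075991164 DROP SRC=203.0.113.7 PROTO=TCP DPT=1002",
    "1075991164 DROP SRC=192.0.2.10 PROTO=TCP DPT=1177",
    "1075991165 DROP SRC=203.0.113.7 PROTO=TCP DPT=1045",
]

def process(lines):
    """Return (opened, locked): sources that completed the knock, sources locked out."""
    progress = {}   # src -> (index of next expected port, time of first knock)
    failures = {}   # src -> number of wrong knocks seen from that source
    opened, locked = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(2) in locked:
            continue  # unparsable line, or a source that is already locked out
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        idx, start = progress.get(src, (0, ts))
        if ts - start > WINDOW:
            idx, start = 0, ts  # stale partial knock: start the sequence over
        if port == SEQUENCE[idx]:
            idx += 1
            if idx == len(SEQUENCE):
                opened.append(src)  # a real daemon would add a firewall rule here
                progress.pop(src, None)
            else:
                progress[src] = (idx, start)
        else:
            progress.pop(src, None)
            failures[src] = failures.get(src, 0) + 1
            if failures[src] >= MAX_FAILURES:
                locked.add(src)
    return opened, locked

if __name__ == "__main__":
    print(process(SAMPLE_LOG))
```

The lockout only slows guessing; it does nothing about a knock sequence captured off the wire and replayed, and because it is keyed on the source address, spoofed knocks can lock out a legitimate client.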


 
RE: Port Knocking
by Abaddon at 12:16 am EST, Feb 6, 2004

yeah, I would argue that it's actually not much added security, that's all a proxy server does and a proxy server has real authentication involved...in fact think about it for a second and you'll see that all a proxy server is, a gateway to decide whether or not to pass traffic through on a port...so if you authenticate then the proxy server opens the port open to you...this has very poor authentication, almost nonexistent...

it's not going to be worse security than nothing...but it's a bad thing in my opinion that let these things get out of hand without security experts' input, because people will take this to be what they need to secure their machines, and it's not going to do that...

also think about the people that need this level of security, then think about the people that attack those people, even a mediocre hacker could get past this...true he would have to get past it, but any proxy server will do a better job than this does, even if the hacker can see your traffic...

--Abaddon

Acidus wrote:
] ] Briefly, users make connection attempts to sequences of
] ] closed ports. The failed connections are logged by the
] ] server-side packet filtering firewall and detected by a
] ] dæmon that monitors the firewall log file. When a
] ] properly formatted knock sequence, playing the role of
] ] the secret used in the authentication, is received,
] ] firewall rules are manipulated based on the information
] ] content of the sequence. This user-based authentication
] ] system is both robust, being mediated by the kernel
] ] firewall, and stealthy--it's not possible to detect
] ] whether a networked machine is listening for port knocks.
] ] Port knocking does not require any open ports, and it can
] ] be extended to transmit any type of information encoded
] ] in a port sequence.
]
]
] This is so very very cool

