[aklug] Re: Port Knocking

From: Shane R. Spencer <shane@bogomip.com>
Date: Mon Nov 08 2010 - 12:11:39 AKST

If you think of port knocking as a sequence (what port first, second, third) then you'll
also see that it can be encrypted.

There are some port knocking programs out there that rely on the time of day and a
pre-shared key to determine the sequence.

The purpose of port knocking is to allow access to exploitable or heavily secured daemons
alike, but without making it easy to scan, as well as adding an extra layer of obscurity.
The added bonus is that depending on the knocking pattern certain ports can be opened up
on demand to go to certain internal hosts.

Knock three times in a certain order and your IP is suddenly NAT'd to your favorite
internal server's ports.

Knock in a different order and your IP is allowed access to another set of servers for a
certain duration, depending on what port/IP you're knocking.

There are lots of benefits to port knocking from a sysadmin's perspective. It's flavored a
little like the super floppy... or Zip drives.

- Shane
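The time-of-day plus pre-shared-key scheme mentioned above, as an added example that is not part of the original post or of any particular port knocking program: the knock sequence is derived from HMAC(psk, time window), so a sniffed sequence (Royce's objection) only replays within that window. Window length, sequence length and port range are assumptions chosen for illustration.

```python
import hmac
import hashlib
import struct

# Constructed parameters (assumptions for this example, not from the post).
WINDOW_SECONDS = 30           # one sequence stays valid for this long
KNOCK_LENGTH = 3              # number of ports in a knock sequence
PORT_LOW, PORT_HIGH = 1024, 65535


def time_window(now: float) -> int:
    """Map a Unix timestamp onto a window counter shared by client and server."""
    return int(now // WINDOW_SECONDS)


def knock_sequence(psk: bytes, window: int, length: int = KNOCK_LENGTH) -> list:
    """Derive the port sequence for one window from the pre-shared key.

    HMAC-SHA256(psk, window) is sliced into 16-bit chunks and each chunk is
    folded into the high port range. Seeing one window's sequence reveals
    neither the key nor the next window's ports. (The modulo introduces a
    slight bias toward low ports; harmless for knock selection.)
    """
    digest = hmac.new(psk, struct.pack(">Q", window), hashlib.sha256).digest()
    span = PORT_HIGH - PORT_LOW + 1
    ports = []
    for i in range(length):
        chunk = int.from_bytes(digest[2 * i:2 * i + 2], "big")
        ports.append(PORT_LOW + chunk % span)
    return ports


def verify_knock(psk: bytes, observed: list, now: float, skew_windows: int = 1) -> bool:
    """Server side: accept the sequence for the current window or up to
    `skew_windows` earlier windows (clock skew); anything older is a replay."""
    if len(observed) != KNOCK_LENGTH:
        return False
    current = time_window(now)
    for w in range(current, current - skew_windows - 1, -1):
        if observed == knock_sequence(psk, w):
            return True
    return False


if __name__ == "__main__":
    key = b"example-psk"            # constructed key, not a real secret
    t0 = 1_289_250_000.0           # constructed timestamp
    seq = knock_sequence(key, time_window(t0))
    print("knock now   :", seq, verify_knock(key, seq, t0))
    print("replay later:", seq, verify_knock(key, seq, t0 + 3 * WINDOW_SECONDS))
```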

On 11/07/2010 03:54 PM, Damien Hull wrote:
> On Nov 7, 2010, at 3:50 PM, Royce Williams <royce@tycho.org> wrote:
>
>> Damien Hull said, on 11/07/2010 02:33 PM:
>>> Is anyone here a fan of port knocking?
>>>
>>> I heard good and bad things about it. Last thing I heard was that it
>>> wasn't as secure as people were making it out to be.
>>
>> I haven't used it either, but off of the top of my head ...
>>
>> If someone's sniffing the traffic, port knocking wouldn't be much
>> additional help, because they could see your knock pattern.
>>
>> It would keep the wider Internet from being able to hammer at a given
>> port, though.
>>
>> Royce
>
> Someone suggested it. Wasn't planning on using it though. If I did it
> would be for ssh.
>
> I'm using OSSEC. It blocks people doing dictionary attacks with
> iptables. That works for me. I've also got ssh on a different port.
>
> I think that's enough.

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Nov 8 12:12:20 2010

This archive was generated by hypermail 2.1.8 : Mon Nov 08 2010 - 12:12:20 AKST