Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Port Knocking" For Added Security

Posted by CmdrTaco on from the thats-a-crazy-idea dept.

Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds. The web site explains it in some detail, and there is even an experimental perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it. Another article on port knocking is here."

2 of 950 comments (clear)

  1. Re:not bad by nolife · · Score: 0, Flamebait

    One of us must be smoking something because your post makes absolutely no sense.

    --
    Bad boys rape our young girls but Violet gives willingly.
  2. A really bad idea by c0d3h4x0r · · Score: 0, Flamebait

    This is a bad idea for so many reasons, I'm not sure where to begin.

    First off, it's "security by obscurity", which, as any security-knowledgable computer person can tell you, is no security at all.

    Secondly, it relies on the computers not having any kind of firewall in place between them, which is simply not the reality of the Internet world. Firewalls are everywhere, in both hardware and software form, and to write any Internet-based software that assumes the availability of weird port ranges is just stupid at this point, because very few people will be able to use it.

    Thirdly, the ensuing terminology that would result from wide-spread adoption of this technology would be terrible:

    • "big knockers" - people who knock heavily on hundreds of servers to try to brute-force their way in
    • "fart knockers" - people who knock on your ports just enough to make you get up and see who's there, only to run away again giggling that they made you check
    • "knocked up" - when a computer has been broken into by a big knocker or a fart knocker

    It just gets worse from there...

    --
    Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.