Slashdot Mirror


"Port Knocking" For Added Security

Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026, 1027, 1029, 1034, 1026, 1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds. The web site explains it in some detail, and there is even an experimental Perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it. Another article on port knocking is here."
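
The knock described in the summary, sketched as a server-side state machine (an added example, not the Perl implementation the story links to). The log line format, the class and function names, and the sample addresses are assumptions made for illustration; the port sequence and the 5 and 10 second windows come from the summary.

```python
import re

# Knock sequence and timings as given in the story summary.
KNOCK_SEQUENCE = (1026, 1027, 1029, 1034, 1026, 1044, 1035)
KNOCK_WINDOW = 5.0   # the whole sequence must arrive within 5 seconds
OPEN_WINDOW = 10.0   # port 22 then accepts that source for 10 seconds
# Assumed (constructed) firewall log format: "<epoch> DROP SRC=<ip> DPT=<port>"
LOG_RE = re.compile(r"^(\d+(?:\.\d+)?) DROP SRC=(\S+) DPT=(\d+)$")

class KnockTracker:
    def __init__(self):
        self.progress = {}    # src -> (index of next expected knock, time of first knock)
        self.open_until = {}  # src -> time at which port 22 closes again

    def feed(self, line):
        """Consume one log line; return the source IP if it just completed the knock."""
        m = LOG_RE.match(line.strip())
        if not m:
            return None
        t, src, port = float(m.group(1)), m.group(2), int(m.group(3))
        idx, start = self.progress.get(src, (0, t))
        if idx and t - start > KNOCK_WINDOW:
            idx = 0                      # too slow: forget partial progress
        if port == KNOCK_SEQUENCE[idx]:
            start = t if idx == 0 else start
            idx += 1
        elif port == KNOCK_SEQUENCE[0]:
            idx, start = 1, t            # wrong knock that restarts the sequence
        else:
            idx = 0                      # wrong knock: start over
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(src, None)
            self.open_until[src] = t + OPEN_WINDOW
            return src
        self.progress[src] = (idx, start)
        return None

    def ssh_allowed(self, src, now):
        return now <= self.open_until.get(src, float("-inf"))

def knocks(src, start, step, ports):
    """Build constructed log lines: one dropped packet per port, `step` seconds apart."""
    return [f"{start + i * step} DROP SRC={src} DPT={p}" for i, p in enumerate(ports)]

# Constructed sample: a correct knock, a sequential port scan, and a too-slow knock.
SAMPLE = (knocks("192.0.2.10", 100.0, 0.5, KNOCK_SEQUENCE)
          + knocks("198.51.100.7", 150.0, 0.01, range(1024, 1050))
          + knocks("203.0.113.5", 200.0, 1.0, KNOCK_SEQUENCE))

def replay(lines):
    tracker = KnockTracker()
    return tracker, [src for src in map(tracker.feed, lines) if src]
```

The sequence here is static, so the same packets sent again by anyone who saw them on the wire would be accepted; the knock narrows exposure of port 22 and does not replace SSH authentication.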

20 of 950 comments

  1. huff and puff by tombou · · Score: 2, Funny

    little pig little pig...

    let me in

  2. Beavis? by tommck · · Score: 2, Funny

    Am I the only one who heard Beavis say "Port Knocker!"?

    Probably...

    --
    ---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
  3. Knock knock... who's there? by bc90021 · · Score: 4, Funny

    Knock knock...

    Who's there?

    Usher.

    Usher who?

    Usher wish I could SSH to your server!

    Sorry... ;)

  4. Old stuff by Britz · · Score: 5, Funny

    That is a very old method I developed with my friends. We would only open the door after a "secret" knock sequence. We had seen this on TV and thought this would be cool. We jeopardized the security regularly when we said "wrong knock" after someone else knocked. Usually parents. Then they would say "open up". And we had to comply.

  5. Slashdotted? by Fulkkari · · Score: 5, Funny

    Is the site slashdotted...

    ...or do I have to knock my way in?

    --
    I demand the Cone of Silence!
  6. Re:Before you complain about "Obscurity" by Anonymous Coward · · Score: 1, Funny

    That was, quite possibly, the greatest analogy in the history of /.

  7. Port knocking IS Patriotic: +1, Hilarious by Anonymous Coward · · Score: 1, Funny

    Before you Slashdot about "port knocking", please
    send your text through a spellchecker.

    "implimenting" should read "implementing".

    Remember, the "President"
    was AWOL

    Regards,
    Kilgore

  8. "Port Knocking" by Unknown+Kadath · · Score: 0, Funny

    It sounds like a euphemism for something obscene. I bet it's illegal in Texas.

    -Carolyn

    --
    Like Daddy always said: if you can't dazzle 'em with brilliance, baffle 'em with bullshit.
  9. Re:Before you complain about "Obscurity" by skiflyer · · Score: 3, Funny

    It's called a secret knock and that's the best analogy you could come up with? Perhaps it's more like a ten-foot-thick steel blast door, but you can't even see the keyhole unless you knock on it just the right way?

  10. Slashdotted by BlueTooth · · Score: 3, Funny

    Does anyone know the secret knock for www.portknocking.org:80 ?

    Thanks.

    --
    SPAM
  11. Re:not bad by tommck · · Score: 2, Funny

    Rather than sniffing her network and replaying sequences, why not just buy her dinner to gain access to her "hidden port"?

    --
    ---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
  12. Web site is "knocked" down by unigeek · · Score: 3, Funny
    Looks like someone knocked on the wrong port. I believe the idea is to hit a few different ports and then go to the secretly opening door. However the technique known as "slashdotting" where the sequence looks sort of like

    site up

    knock 80

    knock 80

    knock 80

    .. (knock 80 about 3 million times in two minutes)

    site down

  13. Re:Easy enough... by Patrik_AKA_RedX · · Score: 2, Funny
    If you had access to the machine it was running on, then why would you even care about getting access anymore?
    Well, if you happen to be a trojan, you could log all those secret knocks and do trojan horse stuff with it.
  14. Re:Oh, really. by srmalloy · · Score: 3, Funny
    I predict a flood of commenters whining about this being "security through obscurity."
    Well, it worked reasonably well for the speakeasies during Prohibition. Unfortunately, the FBI's DOS attacks were also more effective then...
  15. Re:not bad by C10H14N2 · · Score: 2, Funny

    Great. Just what you want to do is hard-code a quicker way to DoS your system.

    TERRIFIC.

    This will be used only on systems storing highly sensitive Star Trek Fan-fiction.

  16. Re:not bad by pclminion · · Score: 5, Funny
    In a way it does. It first asks for a username, and then a password. If one of them is incorrect, you don't get access. But SSH doesn't tell you which one was incorrect.

    This reminds me of a cgi driven website I visited a loooong time ago (1996?)

    I was creating a user account, and was using the password "beelzebub". However, the system refused to let me create the account. It displayed a page which stated "That password is invalid: It is being used by another user. Please select a unique password."

    Apparently, some genius thought it was good security to ensure that no two users had the same password. I hope you can see the intrinsic flaw in this :-)

  17. B&B by jafiwam · · Score: 2, Funny

    Butthead: "Uhhhha, I am gonna emale you....in the butt.

    Beavis: "Shutup! Port-knocker!

  18. Re:Well, there go the logfiles by NanoGator · · Score: 1, Funny

    "Yeah, NAT breaks stuff, get used to it."

    Shat up, port knocker. /Beavis Voice

    --
    "Derp de derp."
  19. Fine Idea by Anonymous Coward · · Score: 1, Funny

    Fine Idea! ... now someone just needs to develop a way to leave a "virtual bag of flaming poo" at one of your ports.

  20. Re:Well, there go the logfiles by Anonymous Coward · · Score: 2, Funny
    which do you think you're more likely to hit on the first try?

    YOUR FACE