Slashdot Mirror


"Port Knocking" For Added Security

Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds. The web site explains it in some detail, and there is even an experimental perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it. Another article on port knocking is here."

3 of 950 comments (clear)

  1. Old stuff by Britz · · Score: 5, Funny

    That is a very old method i developed with my friends. We would only open the door after a "secret" knock sequence. We had seen this on TV and thought this would be cool. We jeopardized the security regularly when we said "wrong knock" after someone else knocked. Usually parents. Then they would say "open up". And we had to comply.

  2. Slashdotted? by Fulkkari · · Score: 5, Funny

    Is the site slashdotted...

    ...or do I have to knock my way in?

    --
    I demand the Cone of Silence!
  3. Re:not bad by pclminion · · Score: 5, Funny
    In a way it does. It firsts asks for a username, and then a password. If one of them is incorrect, you don't get access. But SSH doesn't tell you which one was incorrect.

    This reminds me of a cgi driven website I visited a loooong time ago (1996?)

    I was creating a user account, and was using the password "beelzebub". However, the system refused to let me create the account. It displayed a page which stated "That password is invalid: It is being used by another user. Please select a unique password."

    Apparently, some genius thought it was good security to ensure that no two users had the same password. I hope you can see the intrinsic flaw in this :-)