"Port Knocking" For Added Security

← Back to Stories (view on slashdot.org)

"Port Knocking" For Added Security

Posted by CmdrTaco on Thursday February 5, 2004 @07:03AM from the thats-a-crazy-idea dept.

Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds. The web site explains it in some detail, and there is even an experimental perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it. Another article on port knocking is here."

12 of 950 comments (clear)

Min score:

Reason:

Sort:

Uh, by Anonymous Coward · 2004-02-05 07:04 · Score: -1, Offtopic

where are all the white women at?
i like... by Anonymous Coward · 2004-02-05 07:04 · Score: -1, Offtopic

fart knocking

time to eat the snatch
Interesting. by Vindictive · 2004-02-05 07:04 · Score: 0, Offtopic

Damn, interesting...
Frosty Piss!!!?? by Anonymous Coward · 2004-02-05 07:04 · Score: -1, Offtopic

Frosty Piss!!!??
LAST POST IN THIS THREAD GETS 10 DOLLARS by Anonymous Coward · 2004-02-05 07:05 · Score: -1, Offtopic

READY

GO!
Knockse.cx by Anonymous Coward · 2004-02-05 07:08 · Score: -1, Offtopic

Since goatse is now gone, you have to knock to get him back.

Knock
Knock
Knock
Knock

One of these leads to ghostse, the others do not! Knock carefully!
VPNs already solved this problem... by zerofoo · 2004-02-05 07:11 · Score: 0, Offtopic

I already have a solution for this scenario. It's called a VPN. Anyone who doesn't know the "secret handshake" (VPN encryption key) doesn't get past the firewall. I don't have to worry about port 22 on my server....or any other port.

-ted
Re:Easy enough... by Anonymous Coward · 2004-02-05 07:22 · Score: -1, Offtopic

My other car is a cdr.

LISP needs to burn and die
Re:not bad by zmooc · 2004-02-05 07:36 · Score: 0, Offtopic

Well I'm smoking something and I understood it so do the math:)

--
0x or or snor perron?!
Re:not bad by trmj · 2004-02-05 08:39 · Score: 0, Offtopic

just testing my new sig, thanks for thinking of it for me :-)

stupid 120 char limit though, I had to cut some of it out.

--
Work sucked, until it became unemployment, when it became slightly more tolerable. -Tet
Re:Relax, Spelling isn't all that important anyway by Anonymous Coward · 2004-02-05 10:54 · Score: -1, Offtopic

Unless your anal port is being knocked.
Re:Oh, really. by Anonymous Coward · 2004-02-05 14:54 · Score: -1, Offtopic

As an unobscure authentication system, I feel its value is quite limited.

As a woman, I feel your mother is quite limited.