Slashdot Mirror


"Port Knocking" For Added Security

Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026, 1027, 1029, 1034, 1026, 1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds. The web site explains it in some detail, and there is even an experimental Perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it. Another article on port knocking is here."

2 of 950 comments

  1. Re:Possible problems by Dark+Paladin · · Score: 1, Redundant

    You'd probably want to have it check by IP address, so you could have:

    Knock: 1143 5547 1212 = port 22 open

    IP1: Hit port 1143.
    IP2: Hit port 1143.
    IP1: Hit port 5547
    IP2: Hit port 5547
    IP1: Hit port 1212
    IP2: Hit port 3354

    IP1 allowed, IP2 port still closed.

    This would also help to stop timing issues, such as someone hitting port 22 every second in the event that a valid user "knocks" and opens the port - only the IP address of the port that performed the valid knock gets inside.

    It's really just another layer of security, but an interesting idea.

  2. ugh security through obscurity by sPaKr · · Score: 0, Redundant
    Let's look at the ways to defeat this joke.
    • port scan attacks (AKA brute force), instead of scanning just code up a program to attempt all permutations of knocks, sure it will take a while.. but sooner or later it will work
    • sniffer, all you need to do is sniff one person with the knock and whamo you know it. Chances are the lamo that uses this isn't going to change the knock.. not ever (as he will prolly hard code the knock into his client app). So once you have the knock bam you're done.. now just break his password..

    Security through obscurity never works.
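
The per-IP tracking described in the first comment, as an added example that is not part of the original thread or of the Perl implementation the story mentions. The 5-second and 10-second windows are borrowed from the story summary; the class name, addresses and timestamps are constructed for illustration.

```python
from dataclasses import dataclass, field

KNOCK = (1143, 5547, 1212)  # knock sequence from the first comment
WINDOW = 5.0                # seconds allowed to finish the knock (story summary)
OPEN_FOR = 10.0             # seconds port 22 stays open for that source (story summary)

@dataclass
class KnockTracker:         # hypothetical name, for illustration only
    progress: dict = field(default_factory=dict)  # ip -> (next index, start time)
    allowed: dict = field(default_factory=dict)   # ip -> time the opening expires

    def observe(self, ts, ip, port):
        """Record one hit on a closed port; True if it completes ip's knock."""
        idx, start = self.progress.pop(ip, (0, ts))
        if idx and ts - start > WINDOW:
            idx, start = 0, ts                    # too slow: start over
        if port == KNOCK[idx]:
            idx += 1
        elif port == KNOCK[0]:
            idx, start = 1, ts                    # wrong port, but a fresh first knock
        else:
            idx = 0                               # wrong port: forget progress
        if idx == len(KNOCK):
            self.allowed[ip] = ts + OPEN_FOR      # open for this address only
            return True
        if idx:
            self.progress[ip] = (idx, start)
        return False

    def is_allowed(self, ts, ip):
        """Would a connection to port 22 from ip at time ts be accepted?"""
        return ts <= self.allowed.get(ip, float("-inf"))

IP1, IP2, SLOW = "192.0.2.10", "198.51.100.7", "203.0.113.5"  # documentation addresses
EVENTS = [  # constructed sample: (seconds, source, port), interleaved as in the comment
    (0.0, IP1, 1143), (0.1, IP2, 1143), (0.2, SLOW, 1143),
    (0.5, IP1, 5547), (0.6, IP2, 5547), (1.0, IP1, 1212),
    (1.1, IP2, 3354), (3.0, SLOW, 5547), (6.0, SLOW, 1212),  # SLOW exceeds the window
]

def replay(events):
    """Run events through a fresh tracker; return it and the sources it opened for."""
    tracker = KnockTracker()
    return tracker, [ip for ts, ip, port in events if tracker.observe(ts, ip, port)]

if __name__ == "__main__":
    print(replay(EVENTS)[1])
```

Per-source tracking keeps a bystander out while the port is open, but it does nothing about the sniffing point raised in the second comment: a captured static knock replays just as well from another address.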