Slashdot Mirror


Combining Port Knocking With OS Fingerprinting

michaelrash writes "Port knocking implementations are on the rise. I have just released fwknop (the Firewall Knock Operator) at DEF CON 12. Fwknop implements both shared and encrypted knock sequences, but with a twist; it combines knock sequences with passive operating system fingerprints derived from p0f. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Fwknop is based entirely around iptables log messages and so does not require a separate packet capture library. Also, at the Black Hat Briefings, David Worth has released a cryptographic port knock implementation based around one-time pads."
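Added illustration (not fwknop's or p0f's code): a toy Python gate that reads iptables LOG lines, builds a simplified p0f-style SYN signature (initial TTL, DF bit, SYN length, window as a multiple of the MSS taken from --log-tcp-options) and only admits a source when its knock sequence is correct and it fingerprints as an allowed OS. The two signatures, the shared knock sequence and the log lines are constructed for this example.

```python
# Toy fwknop-style gate: knock sequence + passive OS fingerprint, both taken from iptables LOG lines.
import re
FIELD_RE = re.compile(r"\b(SRC|DPT|LEN|TTL|WINDOW)=(\S+)")
# name -> (initial TTL, DF bit, SYN length, window; "S4" = 4 * MSS as in p0f). Constructed guesses.
SIGNATURES = {"Linux 2.4/2.6": (64, True, 60, "S4"),
              "Windows XP":    (128, True, 48, 65535)}
KNOCK_SEQUENCE, ALLOWED_OS = (1234, 5678, 9012), {"Linux 2.4/2.6"}   # constructed policy

def mss_from_opts(hexopts):
    b, i = bytes.fromhex(hexopts), 0
    while i + 1 < len(b) and b[i] != 0:        # kind 0 ends the option list
        if b[i] == 1: i += 1; continue         # kind 1 = NOP, no length byte
        if b[i] == 2 and b[i + 1] == 4 and i + 4 <= len(b):   # kind 2, len 4 = MSS
            return int.from_bytes(b[i + 2:i + 4], "big")
        i += max(b[i + 1], 2)
    return None

def parse_log_line(line):
    f = dict(FIELD_RE.findall(line))
    if "SYN" not in line or len(f) < 5: return None
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", line)    # present with --log-tcp-options
    return dict(src=f["SRC"], dpt=int(f["DPT"]), length=int(f["LEN"]), ttl=int(f["TTL"]),
                win=int(f["WINDOW"]), df=" DF " in line, mss=mss_from_opts(opt.group(1)) if opt else None)

def fingerprint(pkt):
    for name, (ttl, df, length, win) in SIGNATURES.items():
        if win == "S4": win = 4 * pkt["mss"] if pkt["mss"] else -1
        # observed TTL is the initial TTL minus hops; tolerate up to 31 hops
        if pkt["win"] == win and ttl - 32 < pkt["ttl"] <= ttl and (pkt["df"], pkt["length"]) == (df, length):
            return name
    return None

def evaluate(lines):
    knocks, allowed = {}, set()
    for pkt in filter(None, map(parse_log_line, lines)):
        seq = knocks.setdefault(pkt["src"], [])
        seq.append(pkt["dpt"])
        if tuple(seq[-len(KNOCK_SEQUENCE):]) == KNOCK_SEQUENCE and fingerprint(pkt) in ALLOWED_OS:
            allowed.add(pkt["src"])
    return allowed

# Constructed iptables LOG lines (kernel LOG target, --log-tcp-options enabled).
LOG = ("kernel: IN=eth0 OUT= SRC={src} DST=198.51.100.1 LEN={ln} TOS=0x00 PREC=0x00 TTL={ttl} "
       "ID=4711 DF PROTO=TCP SPT=40000 DPT={dpt} WINDOW={win} RES=0x00 SYN URGP=0 OPT ({opt})")
LINUX_A = dict(src="192.0.2.10", ln=60, ttl=64, win=5840, opt="020405B40402080A0001E2400000000001030307")
LINUX_B = dict(LINUX_A, src="192.0.2.30", ttl=58)            # same OS, six hops away
WINXP = dict(src="192.0.2.20", ln=48, ttl=128, win=65535, opt="020405B401010402")
SAMPLE_LOG = ([LOG.format(dpt=p, **LINUX_A) for p in (1234, 5678, 9012)]    # right knock, Linux
              + [LOG.format(dpt=p, **WINXP) for p in (1234, 5678, 9012)]    # right knock, Windows
              + [LOG.format(dpt=p, **LINUX_B) for p in (1234, 9012, 5678)])  # Linux, wrong order
```

`evaluate(SAMPLE_LOG)` admits only 192.0.2.10: the Windows host knocked correctly but fails the OS check, and the second Linux host knocked out of order.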

6 of 154 comments

  1. OS fingerprinting, whew! by Anonymous Coward · Score: 4, Funny

    thank goodness, if there's one thing a hacker can't get his hands on, it's a copy of Linux!

    yuk yuk yuk

  2. In other news... by AvantLegion · Score: 4, Funny

    Microsoft IIS has implemented a similar scheme to only allow HTTP sessions to Microsoft OS running clients.

    1. Re:In other news... by Curtman · Score: 2, Funny

      I was thinking more along the lines of banning any SCO products. In the tradition of appending 'e' to the front of everything, I call it 'eSnobbing'.

  3. these ports are made for knockin' by Anonymous Coward · Score: 2, Funny

    and that's just what they'll do

    one of these days these ports

    are gonna walk all over you........

  4. Re:Port knocking, firewalls, DMZs,... by Anonymous Coward · Score: 0, Funny

    It's only been as more and more people began romanticising it, that we've come up with this free communications thing.

    Dude, you got your history wrong. The DoD thing was the ARPANET. Then came the Internet, that was an extension to universities and scholars. Then came the Innurnet (also called the Intarweb) that was an extension to the rest of us, and as more and more big greedy companies and individuals lay their grubby hands on it, it's turning into something that you could call the CorpyWeb...

    It's the Innurnet I was talking about. The Innurnet was free man.

  5. Re:How much more is needed? by pebs · Score: 2, Funny

    More defense and limitations are good, sure, but why filter by OS?

    It's so we can block out all those Linux machines, because we all know that's where the hackers are coming from :)

    --
    #!/