Slashdot Mirror


Combining Port Knocking With OS Fingerprinting

michaelrash writes "Port knocking implementations are on the rise. I have just released fwknop; (the Firewall Knock Operator) at DEF CON 12. Fwknop implements both shared and encrypted knock sequences, but with a twist; it combines knock sequences with passive operating system fingerprints derived from p0f. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Fwknop is based entirely around iptables log messages and so does not require a separate packet capture library. Also, at the Black Hat Briefings, David Worth has released a cryptographic port knock implementation based around one-time pads."

2 of 154 comments (clear)

  1. OS fingerprinting, whew! by Anonymous Coward · · Score: 4, Funny

    thank goodness, if there's one thing a hacker can't get his hands on, it's a copy of Linux!

    yuk yuk yuk

  2. In other news... by AvantLegion · · Score: 4, Funny
    Microsoft IIS has implemented a similar scheme to only allow HTTP sessions to Microsoft OS running clients.