Combining Port Knocking With OS Fingerprinting
michaelrash writes "Port knocking implementations are on the rise. I have just released fwknop (the Firewall Knock Operator) at DEF CON 12. Fwknop implements both shared and encrypted knock sequences, but with a twist; it combines knock sequences with passive operating system fingerprints derived from p0f. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Fwknop is based entirely around iptables log messages and so does not require a separate packet capture library. Also, at the Black Hat Briefings, David Worth has released a cryptographic port knock implementation based around one-time pads."
This is a one-time password system, which uses hashes, just like S/Key does. This is NOT a one-time pad system.
OS detection combined with firewall rules is already implemented in OpenBSD.
Port knocking uses a specific authentication scheme, most often based on one-time passwords or other cryptographic means, to open access from a specific address for a very brief period of time.
I am not aware of PK schemes that just open the port wide once you send in a magic passphrase; that would be dumb.
In this regard, PK is quite similar to any other access scheme; the access control is a bit coarse, but so are all protocol-specific NAT helpers in firewalls, and most folks do not complain.
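An added example, not part of the story or any comment and not code from fwknop or David Worth's tool: a minimal server-side sketch of the scheme the comments describe, an S/Key-style hash-chain one-time password that opens access for one source address for a brief window. The names `KnockGate`, `knock`, `allowed`, the use of SHA-256, the 30-second window and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import hmac

def h(value: bytes) -> bytes:
    # SHA-256 is an assumption here; S/Key itself used older hashes.
    return hashlib.sha256(value).digest()

def chain(seed: bytes, n: int) -> bytes:
    """Apply the hash n times to the seed (S/Key-style chain)."""
    for _ in range(n):
        seed = h(seed)
    return seed

class KnockGate:
    """Server side: keeps only the last accepted chain value, never the seed."""
    def __init__(self, anchor: bytes, window: float = 30.0):
        self.last = anchor      # H^n(seed), provisioned out of band
        self.window = window    # seconds a grant stays open
        self.grants = {}        # source address -> expiry time

    def knock(self, src: str, otp: bytes, now: float) -> bool:
        # A password is valid only if hashing it yields the stored value.
        if not hmac.compare_digest(h(otp), self.last):
            return False
        self.last = otp         # advance the chain: this password is spent
        self.grants[src] = now + self.window
        return True

    def allowed(self, src: str, now: float) -> bool:
        # Access is per source address and expires on its own.
        expiry = self.grants.get(src)
        if expiry is None or now >= expiry:
            self.grants.pop(src, None)
            return False
        return True

def demo() -> dict:
    seed, n = b"constructed-demo-seed", 100      # constructed sample values
    gate = KnockGate(chain(seed, n))
    otp = chain(seed, n - 1)                     # client's next password
    return {
        "first": gate.knock("192.0.2.10", otp, now=0.0),
        "replay": gate.knock("198.51.100.7", otp, now=1.0),  # sniffed copy
        "in_window": gate.allowed("192.0.2.10", now=10.0),
        "other_addr": gate.allowed("198.51.100.7", now=10.0),
        "expired": gate.allowed("192.0.2.10", now=31.0),
        "next": gate.knock("192.0.2.10", chain(seed, n - 2), now=40.0),
    }

if __name__ == "__main__":
    print(demo())
```

In a real deployment the `grants` table would drive a firewall rule for the source address rather than an in-memory lookup.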