Combining Port Knocking With OS Fingerprinting

Posted by timothy on Saturday July 31, 2004 @06:50PM from the belt-and-suspenders-and-tape-and-elastic dept.

michaelrash writes "Port knocking implementations are on the rise. I have just released fwknop; (the Firewall Knock Operator) at DEF CON 12. Fwknop implements both shared and encrypted knock sequences, but with a twist; it combines knock sequences with passive operating system fingerprints derived from p0f. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Fwknop is based entirely around iptables log messages and so does not require a separate packet capture library. Also, at the Black Hat Briefings, David Worth has released a cryptographic port knock implementation based around one-time pads."

2 of 154 comments (clear)

Min score:

Reason:

Sort:

NOT a one-time pad by Dwonis · 2004-07-31 19:36 · Score: 4, Informative

This is a one-time password system, which uses hashes, just like S/Key does. This is NOT a one-time pad system.
OpenBSD by pmf · 2004-07-31 20:26 · Score: 4, Informative

OS detection combined with firewall rules is already implemented in OpenBSD.