Slashdot Mirror


Combining Port Knocking With OS Fingerprinting

michaelrash writes "Port knocking implementations are on the rise. I have just released fwknop (the Firewall Knock Operator) at DEF CON 12. Fwknop implements both shared and encrypted knock sequences, but with a twist; it combines knock sequences with passive operating system fingerprints derived from p0f. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Fwknop is based entirely around iptables log messages and so does not require a separate packet capture library. Also, at the Black Hat Briefings, David Worth has released a cryptographic port knock implementation based around one-time pads."
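The idea in the summary above, as an added Python example (not fwknop's code and not part of the original submission): a shared knock sequence is recognised purely from iptables LOG lines and honoured only when the SYN packets also match an allowed passive OS signature. The knock ports, timeout, log prefix, sample lines and the three-field signature are constructed assumptions; real p0f signatures use more fields.

```python
import re

# Assumed values for this example; none of them come from fwknop or p0f.
KNOCK_SEQUENCE = [7000, 8000, 9000]      # hypothetical shared knock ports
WINDOW_SECONDS = 10                      # whole sequence must finish in this time
ALLOWED_SIGNATURES = {(64, 5840, True)}  # (initial TTL, TCP window, DF): stand-in for an OS signature
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Return (src, dst port, signature) for a logged TCP SYN, else None."""
    fields, flags = dict(FIELD.findall(line)), line.split()
    if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
        return None
    try:
        ttl = int(fields["TTL"])
        initial_ttl = min(t for t in (32, 64, 128, 255) if t >= ttl)  # undo hop decrements
        return fields["SRC"], int(fields["DPT"]), (initial_ttl, int(fields["WINDOW"]), "DF" in flags)
    except (KeyError, ValueError):
        return None  # truncated or malformed line: ignore rather than guess

def process(events):
    """events: iterable of (epoch_seconds, log_line); returns sources that completed the knock."""
    progress, granted = {}, []   # progress: src -> (next index, time of first knock)
    for ts, line in events:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        src, dpt, sig = parsed
        idx, start = progress.get(src, (0, ts))
        if ts - start > WINDOW_SECONDS:
            idx, start = 0, ts   # stale attempt: start over
        if sig not in ALLOWED_SIGNATURES or dpt != KNOCK_SEQUENCE[idx]:
            progress.pop(src, None)   # wrong port or wrong OS signature resets the source
        elif idx + 1 == len(KNOCK_SEQUENCE):
            progress.pop(src, None)
            granted.append(src)       # a real daemon would now add a time-limited ACCEPT rule
        else:
            progress[src] = (idx + 1, start)
    return granted

def sample(src, dpt, ttl=61, window=5840):
    """Build a constructed log line in the kernel LOG-target field layout."""
    return (f"kernel: KNOCK IN=eth0 OUT= SRC={src} DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 "
            f"TTL={ttl} ID=4242 DF PROTO=TCP SPT=40000 DPT={dpt} WINDOW={window} RES=0x00 SYN URGP=0")

EVENTS = [  # constructed sample data: one valid client, one wrong OS, one scanner, one too slow
    (100, sample("192.0.2.10", 7000)), (101, sample("192.0.2.10", 8000)), (102, sample("192.0.2.10", 9000)),
    *[(100 + i, sample("198.51.100.7", p, ttl=125, window=65535)) for i, p in enumerate(KNOCK_SEQUENCE)],
    *[(100 + i, sample("203.0.113.5", p)) for i, p in enumerate([7000, 7001, 8000, 9000])],
    (100, sample("192.0.2.20", 7000)), (105, sample("192.0.2.20", 8000)), (120, sample("192.0.2.20", 9000)),
]
```

Only `192.0.2.10` is granted: the second source knocks correctly but presents a different signature, the third hits a wrong port mid-sequence, and the fourth exceeds the time window.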

3 of 154 comments

  1. The more complicated you make it, by Anonymous Coward · Score: 5, Insightful

    the bigger is the chance of screwing up. The point of port knocking is to have a simple and therefore less bug prone layer around real authentication systems like ssh, so that when a bug in ssh is found, portscanners don't find your vulnerable service. Complicated port knocking systems defeat the purpose of port knocking.

  2. Re:It's kinda cool by Lord Kano · Score: 5, Insightful

    Not only is it security through obscurity

    Only in the same sense that passwords are security through obscurity.

    Right combination of keystrokes, right combination of ports to knock, these sound very similar to me.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  3. Re:It's kinda cool by Sancho · Score: 5, Insightful

    It's not... I almost suspect you of trolling.

    The primary purpose of port knocking is to hide the fact that you have open ports to begin with. You don't want to have those ports unprotected once the right knock sequence is in place. You want both password/challenge AND port knocking so no active scanner detects your open ports.