Slashdot Mirror

← Back to Stories (view on slashdot.org)

Going Beyond Port Knocking; Single Packet Access

Posted by Hemos on from the interesting-ideas dept.

michaelrash writes "I have just released a new version of fwknop that implements a single-packet authorization scheme using libpcap (similar to what Simple Nomad has proposed for the upcoming BlackHat Briefings). Fwknop has made Slashdot once before as the first tool that combines port knocking and passive OS fingerprinting. However, this new single-packet method has many advantages over port knocking, including non-replayable messages, much more data can be sent (including complete commands), an attacker cannot break sequences simply by connecting to spurious ports on the target, and more. By using Netfilter to intercept packets within the kernel, anyone scanning for a service protected by this method cannot even talk directly to the IP stack without being authorized; that makes even 0-day exploits largely toothless."

2 of 23 comments (clear)

  1. Nothing is secure by Irashtar · · Score: 2, Funny

    Make it foolproof, you getter a smarter fool.
    make it spoofproof, they'll make a better spoof.

  2. Re:Whats the point of port knocking? by Anonymous Coward · · Score: 1, Funny

    Duh, it's the foundation for a secure next-generation communications protocol, allowing users new freedom and peace of mind. As a legitimate security researcher, I'm excited about the prospects for myself and my clients.

    Ahh, fuck it. It's just another way for botnets to communicate.