
09-21-2004
Ray Ingles
Re: new scan pattern?

In article <pan.2004.09.18.00.28.36.962443@sbcglobal.net>, Amadeus W.M. wrote:
> On Fri, 17 Sep 2004 09:27:31 +0200, ard wrote:
>
>> Skorpion wrote:
>> Yes, looks like it. More info about portknocking can be found here.
>> http://www.portknocking.org/
>
> That's interesting, so that means I don't have to keep open my ssh port
> all the time, for the rare occasions when I have to access my home
> computer remotely. I could knock on my firewall. Cool!


There are lots of different systems for doing that sort of thing:

http://www.tldp.org/LDP/LGNET/issue99/ingles.html

Note that most implementations of port knocking I've seen have been
vulnerable to replay attacks; if someone's watching the network traffic,
they can potentially capture the knock sequence and use it later. Some
systems try to prevent this by permuting the sequence or including a
variable payload.

But there's a reliability issue. One thing not often noted about port
knocking systems is that, to avoid waiting for TCP timeouts and such,
they tend to use UDP... but the order of packets, and indeed their
delivery at all, is *not* guaranteed for UDP. Congested routers
frequently just drop UDP packets on the floor.

So, the more complicated the knock sequence, the less reliable the
system will be. But if that's the way you want to go...

http://www.l0t3k.org/security/tools/portknocking/

--
Sincerely,

Ray Ingles (313) 227-2317

"...those who scare peace-loving people with phantoms of lost
liberty; my message is this: Your tactics only aid terrorists..."
- John Ashcroft
"John Ashcroft scares *me* with notions of lost liberties." - Me
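The two weaknesses raised in the post above, replay of a sniffed knock and the fragility of an ordered UDP sequence, as an added example that is not part of the original post, of portknocking.org, or of the tools linked from the Linux Gazette and l0t3k pages. It simulates the daemon-side matching logic only, with no sockets: a static-sequence daemon next to one that "permutes the sequence" and "includes a variable payload" by deriving the ports from HMAC-SHA256 over a counter that each datagram carries. The shared secret, the 3-port length, the 1024-65023 port range, the counter-in-payload format and the client and sniffer addresses are all assumptions constructed for the demo.

```python
import hashlib
import hmac
import struct

# Shared secret between the knocking client and the daemon (constructed for
# this demo; a real deployment would load it from a file with tight perms).
SECRET = b"constructed-demo-secret"


class StaticKnockDaemon:
    """The classic scheme: a fixed list of ports, the same every time.

    Anyone who sniffs one successful knock can replay it verbatim."""

    def __init__(self, sequence):
        self.sequence = list(sequence)
        self.progress = {}  # src_ip -> how many ports of the sequence seen so far

    def observe(self, src_ip, dst_port, payload=b""):
        idx = self.progress.get(src_ip, 0)
        if dst_port == self.sequence[idx]:
            idx += 1
        else:  # wrong port: restart, counting this packet if it is the first knock
            idx = 1 if dst_port == self.sequence[0] else 0
        if idx == len(self.sequence):
            self.progress[src_ip] = 0
            return True  # sequence complete: the daemon would now open the real port
        self.progress[src_ip] = idx
        return False


def derive_sequence(secret, counter, length=3):
    """Permute the knock per use: the ports come from HMAC(secret, counter).

    Ports are kept distinct so that any reordering of the knock is detectable."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    ports, offset = [], 0
    while len(ports) < length:
        if offset + 2 > len(mac):  # ran out of digest bytes: stretch it
            mac, offset = hashlib.sha256(mac).digest(), 0
        port = 1024 + int.from_bytes(mac[offset:offset + 2], "big") % 64000
        offset += 2
        if port not in ports:
            ports.append(port)
    return ports


def build_knock(secret, counter, length=3):
    """Client side: every UDP datagram carries the counter as its variable payload."""
    payload = struct.pack(">Q", counter)
    return [(port, payload) for port in derive_sequence(secret, counter, length)]


class RollingKnockDaemon:
    """Replay-resistant variant: the counter must be fresh and the ports must
    match the sequence derived from it, in order."""

    def __init__(self, secret, length=3):
        self.secret = secret
        self.length = length
        self.last_counter = -1  # global, not per-IP: a replay from a new IP must still fail
        self.progress = {}      # src_ip -> (counter being knocked, next index)

    def observe(self, src_ip, dst_port, payload):
        if len(payload) != 8:
            self.progress.pop(src_ip, None)
            return False
        counter = struct.unpack(">Q", payload)[0]
        if counter <= self.last_counter:  # replayed or stale counter
            self.progress.pop(src_ip, None)
            return False
        expected = derive_sequence(self.secret, counter, self.length)
        state_counter, idx = self.progress.get(src_ip, (counter, 0))
        if state_counter != counter:
            idx = 0
        if dst_port != expected[idx]:  # out of order, dropped, or forged packet
            self.progress.pop(src_ip, None)
            return False
        idx += 1
        if idx == self.length:
            self.progress.pop(src_ip, None)
            self.last_counter = counter  # burn this counter for good
            return True
        self.progress[src_ip] = (counter, idx)
        return False


def feed(daemon, src_ip, packets):
    """Deliver (dst_port, payload) packets in order; True if the knock completed."""
    completed = False
    for port, payload in packets:
        completed = daemon.observe(src_ip, port, payload) or completed
    return completed


def run_demo():
    # Constructed traffic: a legitimate client at 10.0.0.5, a sniffer at 192.0.2.66.
    static = StaticKnockDaemon([7000, 8000, 9000])
    capture = [(7000, b""), (8000, b""), (9000, b"")]
    results = {
        "static_legit": feed(static, "10.0.0.5", capture),
        "static_replay": feed(static, "192.0.2.66", capture),  # replay succeeds
    }
    rolling = RollingKnockDaemon(SECRET)
    knock1 = build_knock(SECRET, counter=1)
    results["rolling_legit"] = feed(rolling, "10.0.0.5", knock1)
    results["rolling_replay"] = feed(rolling, "192.0.2.66", knock1)  # counter 1 is burnt
    results["rolling_next"] = feed(rolling, "10.0.0.5", build_knock(SECRET, counter=2))
    # UDP reordering: the counter-3 knock with its last two packets swapped in transit.
    k = build_knock(SECRET, counter=3)
    results["rolling_reordered"] = feed(rolling, "10.0.0.5", [k[0], k[2], k[1]])
    # A dropped middle packet fails the same way; the daemon cannot tell loss from attack.
    results["rolling_dropped"] = feed(rolling, "10.0.0.5", [k[0], k[2]])
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:18s} {'OPENED' if ok else 'rejected'}")
```

The reordered and dropped cases are the reliability point from the post: the rolling daemon treats a missing or swapped UDP datagram exactly like a forgery and throws the whole knock away, so every extra port in the sequence is another packet that must survive the path intact and in order. The global `last_counter` is deliberate: keying replay state per source address would let the sniffer replay from a fresh address, which is precisely the case the counter exists to stop.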