Crackers and correlations

Gerald Combs gerald at ethereal.com
Sat Oct 30 19:09:26 CDT 2004


Monty J. Harder wrote:
> "Gerald Combs" <gerald at ethereal.com> wrote:
> 
> 
>>There's also "port knocking": http://www.portknocking.org/ .  In order
>>for the firewall to open up port 22, you would have to send a special
>>sequence of packets, e.g. attempt to connect to a specific combination
>>of ports in a specific order.
> 
> 
>   It's an interesting idea, but I think it's in the category of 'security
> through obscurity'.  I think it would be cleaner to just send a UDP packet,
> containing within it certain authentication information (including a
> timestamp), digitally signed with a private key, that would give pretty high
> confidence that you are legit before the TCP socket ever is opened.

I think this is what they do, only the authentication information is spread
across the "knocks."  If I understand their documentation correctly, a
table is created that maps byte values to port numbers.  To send a
message, you have to knock the port corresponding to each byte in the
message, in the proper order.

I'm not sure I'd use something like this.  If I needed a port opened
dynamically in this fashion, I'd probably use a browser-based
certificate to authenticate against a CGI which could open up the port.
It does have a certain "1337" appeal, though.
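As an added example (not code from this thread, from portknocking.org, or from Ethereal), the block below shows the two designs the thread compares side by side: the byte-to-port "knock" table Gerald describes, and the timestamped, authenticated message Monty suggests. It assumes a hypothetical linear table (byte value b is knocked as port 20000 + b), uses an HMAC over a shared secret in place of the public-key signature Monty mentions, and reads knocks from constructed firewall log lines of the form `DROP src=<ip> dst=<ip> dport=<port>`; the secret, addresses and timestamp are all made up.

```python
import hashlib
import hmac
import struct

# Hypothetical byte-to-port table: byte value b is "knocked" as port KNOCK_BASE + b.
# A real table would be a secret permutation; a linear one keeps the example readable.
KNOCK_BASE = 20000
TOKEN_LEN = 4 + 8  # 32-bit timestamp + 64-bit truncated HMAC-SHA256


def encode_knocks(message: bytes) -> list:
    """Client: one knock (a port number) per message byte, in order."""
    return [KNOCK_BASE + b for b in message]


def decode_knocks(ports: list) -> bytes:
    """Server: inverse of encode_knocks; any port outside the table is a non-knock."""
    out = bytearray()
    for p in ports:
        b = p - KNOCK_BASE
        if not 0 <= b <= 255:
            raise ValueError(f"port {p} is not in the knock table")
        out.append(b)
    return bytes(out)


def make_token(secret: bytes, timestamp: int) -> bytes:
    """Client: timestamp || HMAC(secret, timestamp).  Binding a timestamp into the
    authenticated data is what keeps a captured knock sequence from being replayed."""
    ts = struct.pack(">I", timestamp)
    mac = hmac.new(secret, ts, hashlib.sha256).digest()[:8]
    return ts + mac


def verify_token(secret: bytes, token: bytes, now: int, window: int = 30, seen=None) -> bool:
    """Server: constant-time MAC check, freshness window, optional replay cache."""
    if len(token) != TOKEN_LEN:
        return False
    ts_bytes, mac = token[:4], token[4:]
    expected = hmac.new(secret, ts_bytes, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(mac, expected):
        return False
    if abs(now - struct.unpack(">I", ts_bytes)[0]) > window:
        return False
    if seen is not None:
        if token in seen:
            return False  # same sequence seen before: replay
        seen.add(token)
    return True


def knocks_from_log(log_lines: list, src: str) -> list:
    """Ordered destination ports one source attempted, from constructed firewall
    log lines shaped like 'DROP src=<ip> dst=<ip> dport=<port>'."""
    ports = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        if fields.get("src") == src:
            ports.append(int(fields["dport"]))
    return ports


def should_open(log_lines: list, src: str, secret: bytes, now: int, seen=None) -> bool:
    """Decision the firewall would make for one source address."""
    try:
        token = decode_knocks(knocks_from_log(log_lines, src))
    except ValueError:
        return False
    return verify_token(secret, token, now, seen=seen)


# Constructed demo data (hypothetical secret, addresses and clock).
SECRET = b"example-shared-secret"
CLIENT_SRC = "192.0.2.10"
CLIENT_TS = 1099181366


def build_demo_log() -> list:
    """A legitimate knock sequence with an unrelated scanner's packet mixed in."""
    lines = []
    for i, port in enumerate(encode_knocks(make_token(SECRET, CLIENT_TS))):
        if i == 3:
            lines.append("DROP src=198.51.100.7 dst=192.0.2.1 dport=22")
        lines.append(f"DROP src={CLIENT_SRC} dst=192.0.2.1 dport={port}")
    return lines


if __name__ == "__main__":
    log = build_demo_log()
    print("fresh knock:", should_open(log, CLIENT_SRC, SECRET, CLIENT_TS + 5))
    print("stale knock:", should_open(log, CLIENT_SRC, SECRET, CLIENT_TS + 600))
    print("scanner:", should_open(log, "198.51.100.7", SECRET, CLIENT_TS + 5))
```

The knock table only changes how the message is carried; the timestamp plus MAC is what gives the server real confidence, which is why a fixed, unauthenticated sequence earns the "security through obscurity" label and a signed, time-bound one does not.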



More information about the Kclug mailing list