[SLUG] Re: Doorman - opening firewall ports

From: Levi Bard (taktaktaktaktaktaktaktaktaktak@gmail.com)
Date: Mon Jan 02 2006 - 10:09:57 EST


> >The basic idea is called "Port Knocking". The firewall has all ports
> >closed, but keeps an eye on what packets hit what ports. On my remote
> >laptop, I hit certain ports, in a pre-arranged sequence. The firewall sees
> >this and opens a port for inbound traffic from my IP address. When I drop
> >the connection, the port is closed.
> >
> >More on the subject: http://www.portknocking.org/view/about

I'm basically against portknocking as a security layer. It's the kind
of security-by-obscurity thing that will give people a false sense of
safety while it in fact does little or nothing at all. The only port
knocking implementations I've seen that attempt to block replay
attacks use one-time pads for the port sequences, but if you're going
to use one-time pads, you may as well use them for authentication and
cut out the middleman. One of my previous employers ran a one-time pad
authenticator on a high port - until you authenticated with that
service, everything was closed to you. Once you authenticated, your
allowed set of ports was opened to the IP from which you
authenticated, as long as you kept the auth connection open and
active. Less convoluted than port knocking, and at least as secure.

> If your port knocking protocol permits replay attacks, then you really
> haven't kept out the most interested folks.

Or *any* of the folks who would have been able to realistically
compromise the system.

--
Debianista!
http://www.gnu.org/philosophy/no-word-attachments.html
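
The replay point made in this thread, as an added simulation written for this archive page (it is not code from Doorman, portknocking.org, or any of the posters): a firewall that accepts a fixed, pre-arranged knock sequence opens the protected port for anyone who observed that sequence on the wire, while a verifier that derives each knock sequence from a shared secret and a strictly advancing counter rejects the same replay. The secret, port band, counter window and IP addresses are all constructed values for the example.

```python
"""Port-knock replay simulation (constructed example for this thread).

Two in-memory 'firewalls' receive (src_ip, dst_port) knock events:
  * StaticKnockFirewall  - the fixed sequence described in the quoted post
  * OneTimeKnockFirewall - each sequence is HMAC(secret, counter), used once
"""
import hashlib
import hmac
from collections import defaultdict

# --- constructed parameters (assumptions for this example) ----------------
STATIC_SEQUENCE = (7000, 8000, 9000)    # the "pre-arranged sequence"
SECRET = b"constructed-shared-secret"   # shared by the laptop and the firewall
PORT_LOW, PORT_HIGH = 10000, 20000      # band in which one-time knocks land
KNOCKS_PER_CODE = 3                     # ports per one-time sequence
COUNTER_WINDOW = 5                      # tolerate a few lost or skipped codes
PROTECTED_PORT = 22                     # what a successful knock opens


class StaticKnockFirewall:
    """Fixed sequence: nothing ties the knock to the knocker, so a
    captured sequence works from any source address."""

    def __init__(self):
        self.progress = defaultdict(int)   # src_ip -> knocks matched so far
        self.open_for = set()              # src_ips allowed to reach PROTECTED_PORT

    def knock(self, src_ip, port):
        if port == STATIC_SEQUENCE[self.progress[src_ip]]:
            self.progress[src_ip] += 1
        else:                              # wrong port: restart the sequence
            self.progress[src_ip] = 1 if port == STATIC_SEQUENCE[0] else 0
        if self.progress[src_ip] == len(STATIC_SEQUENCE):
            self.progress[src_ip] = 0
            self.open_for.add(src_ip)
            return True
        return False

    def is_open(self, src_ip):
        return src_ip in self.open_for


def one_time_code(secret, counter):
    """Derive KNOCKS_PER_CODE ports from HMAC-SHA256(secret, counter).
    Every counter value yields a different sequence, so a sequence seen on
    the wire is dead once the firewall has consumed its counter."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    span = PORT_HIGH - PORT_LOW
    ports = []
    for i in range(KNOCKS_PER_CODE):
        chunk = int.from_bytes(digest[4 * i:4 * i + 4], "big")
        ports.append(PORT_LOW + chunk % span)
    return tuple(ports)


class OneTimeKnockFirewall:
    """Accepts only sequences for counters above the last one consumed."""

    def __init__(self, secret):
        self.secret = secret
        self.last_counter = 0                 # highest counter already spent
        self.recent = defaultdict(list)       # src_ip -> last few ports seen
        self.open_for = set()

    def knock(self, src_ip, port):
        seen = self.recent[src_ip]
        seen.append(port)
        del seen[:-KNOCKS_PER_CODE]           # keep a sliding window of ports
        if len(seen) < KNOCKS_PER_CODE:
            return False
        candidate = tuple(seen)
        for c in range(self.last_counter + 1, self.last_counter + 1 + COUNTER_WINDOW):
            if candidate == one_time_code(self.secret, c):
                self.last_counter = c         # consume it; older codes no longer verify
                self.recent[src_ip] = []
                self.open_for.add(src_ip)
                return True
        return False

    def is_open(self, src_ip):
        return src_ip in self.open_for


def demonstrate():
    """Run both scenarios; returns which knocks opened the port."""
    laptop, observer = "203.0.113.10", "198.51.100.7"   # constructed addresses
    results = {}

    fw = StaticKnockFirewall()
    for p in STATIC_SEQUENCE:                 # legitimate knock
        fw.knock(laptop, p)
    for p in STATIC_SEQUENCE:                 # same ports seen on the wire, sent again
        fw.knock(observer, p)
    results["static_replay_opened"] = fw.is_open(observer)

    fw2 = OneTimeKnockFirewall(SECRET)
    first = one_time_code(SECRET, 1)
    for p in first:
        fw2.knock(laptop, p)
    results["onetime_first_opened"] = fw2.is_open(laptop)
    for p in first:                           # counter 1 is spent: rejected
        fw2.knock(observer, p)
    results["onetime_replay_opened"] = fw2.is_open(observer)
    for p in one_time_code(SECRET, 2):        # next genuine code still verifies
        fw2.knock(laptop, p)
    results["onetime_next_accepted"] = fw2.last_counter == 2
    return results


if __name__ == "__main__":
    print(demonstrate())
```

The counter-derived variant only shows what it takes to stop the replay; it does not change the conclusion drawn above. Once the knocker and the firewall share a secret and per-use state, the knock is a weak, one-way authentication protocol carried in SYN destination ports, and an explicit authenticator on a single port (as in the employer setup described) gives the same per-IP opening with far less to get wrong.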

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:58:25 EDT