Security Basics mailing list archives
Re: Port-Knocking vulnerabilities?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 28 Dec 2007 19:42:25 +0100
On 2007-12-28 Kappa Alpha Pi Eta wrote:
so I read this thread about port-knocking (altough called "reflexsive firewalls"). I'd never heard of that and found that to be an very interesting mechanism. Now I just keep wondering, what an attacker could possibly do to intrude system secured in such a way. So there are no open ports at all, also, there's no way the attacker could access the computer physically or via social engineering. The attacker knows that a knock-server is running and that there's some daemon waiting to become accessible (what ever that may be).
Port knocking is not a security but merely an obfuscation measure, as it just hides services from people who don't know about the measure.
What could a attacker do to somehow get access to that machine?
Knock.
And how can I secure that machine from that kind of attacks.
Just like you would secure it when not using port-knocking: - Don't have services listening on external interfaces that shouldn't be accessible from the outside. - Keep your system patched. - Use authentication where applicable. - Prefer public key authentication over password authentication. ... Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Port-Knocking vulnerabilities? Kappa Alpha Pi Eta (Dec 28)
- RE: Port-Knocking vulnerabilities? Tom Corelis (Dec 28)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 28)
- RE: Port-Knocking vulnerabilities? Sean Tindall (Dec 31)
- Re: Port-Knocking vulnerabilities? T. Shannon Gilvary (Dec 28)
- <Possible follow-ups>
- RE: Port-Knocking vulnerabilities? nobledark (Dec 28)
- Re: Port-Knocking vulnerabilities? Jay (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- Re: Port-Knocking vulnerabilities? Robert Inder (Dec 31)
- Re: Port-Knocking vulnerabilities? Goldstein101 (Dec 31)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- RE: Port-Knocking vulnerabilities? Tom Corelis (Dec 28)