Security Basics mailing list archives
RE: Port-Knocking vulnerabilities?
From: "Sean Tindall" <sean () bulletproofnetworks ca>
Date: Fri, 28 Dec 2007 12:08:29 -0700
The knock itself could be a password though too. The knock could consist of several port connections, in (the correct) sequence, to an arbitrary list of ports, before the service you actually want access to becomes available - but to only the IP address that initiates the knock. There might even be a way to someone to an OTP scheme with port knocking, where the sequence of ports to knock is different every time. All kinds of cool possibilities.

sT

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ansgar -59cobalt- Wiechers
Sent: Friday, December 28, 2007 11:42 AM
To: security-basics () securityfocus com
Subject: Re: Port-Knocking vulnerabilities?

On 2007-12-28 Kappa Alpha Pi Eta wrote:
so I read this thread about port-knocking (although called "reflexive firewalls"). I'd never heard of that and found that to be a very interesting mechanism. Now I just keep wondering, what an attacker could possibly do to intrude a system secured in such a way. So there are no open ports at all, also, there's no way the attacker could access the computer physically or via social engineering. The attacker knows that a knock-server is running and that there's some daemon waiting to become accessible (whatever that may be).
Port knocking is not a security but merely an obfuscation measure, as it just hides services from people who don't know about the measure.
What could an attacker do to somehow get access to that machine?
Knock.
And how can I secure that machine from that kind of attack?
Just like you would secure it when not using port-knocking:
- Don't have services listening on external interfaces that shouldn't be accessible from the outside.
- Keep your system patched.
- Use authentication where applicable.
- Prefer public key authentication over password authentication.
...

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
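The reply at the top of this message floats a knock sequence that is different every time. The sketch below is an added example, not code from anyone in the thread: it derives the ports for each time window from an HMAC over a window counter and rejects replay of a window that has already been used. The shared secret, the port range, the window length, the one-client-per-window policy and the names `knock_sequence` and `KnockValidator` are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

PORT_MIN, PORT_MAX = 1024, 65535  # assumed knock-port range
KNOCKS, STEP = 4, 30              # assumed sequence length and window seconds


def knock_sequence(secret: bytes, counter: int) -> list:
    """Ports for one time window, derived from HMAC-SHA256(secret, counter)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    # Four digest bytes per port keeps the modulo bias negligible.
    return [PORT_MIN + int.from_bytes(digest[4 * i:4 * i + 4], "big") % span
            for i in range(KNOCKS)]


class KnockValidator:
    """Server side: per-source progress, one accepted knock per window."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.progress = {}  # src_ip -> (window counter, next index)
        self.used = set()   # windows already consumed (blocks replay)

    def observe(self, src_ip: str, port: int, now: float) -> bool:
        """Feed one observed connection attempt; True means open for src_ip."""
        counter = int(now) // STEP
        expected = knock_sequence(self.secret, counter)
        window, idx = self.progress.get(src_ip, (counter, 0))
        if window != counter:  # sequence straddled a window boundary
            idx = 0
        if counter in self.used or port != expected[idx]:
            self.progress.pop(src_ip, None)  # strict policy: any miss resets
            return False
        if idx + 1 == KNOCKS:
            self.used.add(counter)
            self.progress.pop(src_ip, None)
            return True
        self.progress[src_ip] = (counter, idx + 1)
        return False


if __name__ == "__main__":
    secret, now = b"constructed-demo-secret", 1_000_000  # constructed values
    server = KnockValidator(secret)
    for p in knock_sequence(secret, now // STEP):
        print(p, server.observe("192.0.2.10", p, now))
```

A sequence captured on the wire is useless once its window has been consumed or has expired, but the daemon behind the knock still needs its own authentication and patching, as the quoted advice says.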