Security Basics mailing list archives
Re: Port-Knocking vulnerabilities?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 31 Dec 2007 21:29:10 +0100
On 2007-12-31 Jay wrote:
> On Sat, 29 Dec 2007 14:28:53 +0100 Ansgar -59cobalt- Wiechers wrote:
>> On 2007-12-28 Jay wrote:
>>> Portknocking is a security mechanism as it is a type of authentication. "Something you know", in this case the sequence of ports to knock before an unstarted service or daemon begins listening for connections.
>>
>> Since everything is transmitted in the clear, port-knocking is as much of a security mechanism as cleartext passwords. Technically: maybe (depending on your definition). Realistically: no.
>
> Is portknocking a weaker security mechanism? Does that discount it completely? Telnet and ftp are clear text. Just because something can be defeated doesn't mean it loses 'all' its classification.

Does anyone out there actually consider telnet or FTP to be even remotely secure? No? Then what makes you think you have a point here?

> A door is meant to provide some defense to the outside of your house. I can certainly bash it in with a sledge hammer. It still serves its purpose as a layer of the defense.

Bad analogies can't replace actual arguments.

> Again we are talking about security basics here. You can say it isn't viable or is inherently weak. But the way it is implemented, it's used for authentication. Plain and simple.

However, depending on how the authentication mechanism is designed and implemented it may or may not count as a security measure. Plain and simple.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq