Firewall Wizards mailing list archives

RE: OT: port knocking.. getting there


From: "Ben Nagy" <ben () iagu net>
Date: Mon, 21 Jun 2004 09:37:54 +0200

Only on slashdot would this kind of rubbish get any airtime. The ONLY thing
port knocking is any good for is people that want to write malware which
will not easily be detected by network admins. If I genuinely want to secure
a host, or use 'dynamic' firewall rules there are half a dozen better
solutions.

Not only is the concept stupid, but I looked at the guy's thesis for five
seconds and his crypto is totally broken - there is a trivial known
plaintext attack to recover the secret password if you can intercept knocks
on the wire. The plaintext is [IP addr][port][action] for 4 + 2 + 1 bytes
each. The last byte is pad - which is cunningly hardwired to null.

The IP address makes up 4 bytes of a 7 byte plaintext (which is already
small enough to brute force) and the IP address will be that of the knocking
host. Wait, it gets worse! The "action" byte is basically "open" or "close"
and the port bytes don't quite use the full 2^16 range. In other words I
need to brute force a little less than 17 bits. This is only challenging if
I want to make like ET and do it with a reprogrammed Speak N Spell.

It's bad enough I have to endure this on /. Someone buy the guy a copy of
Applied Cryptography and let's move on.

ben

-----Original Message-----
[...]
http://bsd.slashdot.org/article.pl?sid=04/06/18/0617244&mode=thread&tid=122&tid=126&tid=172&tid=185&tid=190

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
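The post's argument is that the knock plaintext has almost no unpredictable content once the source address is read off the wire. The following added example (not code from the post, the thesis, or any port-knocking implementation) models the layout the post describes, [IP addr][port][action] = 4 + 2 + 1 bytes plus one NUL pad byte, and accounts for how many of the 64 plaintext bits an eavesdropper actually has to guess. The numeric action codes (0 = open, 1 = close) are an assumption; the post does not give them. The port field is counted at the full 16 bits, which is an upper bound, since the post notes the real range is slightly smaller.

```python
import math
import struct
from ipaddress import IPv4Address

# Layout from the post: 4-byte IP, 2-byte port, 1-byte action, 1-byte pad
# hardwired to NUL. Network byte order is an assumption. Total: 8 bytes.
KNOCK_FMT = "!4sHBB"
ACTION_OPEN, ACTION_CLOSE = 0, 1   # assumed encoding; the post only says "open" or "close"
PAD = 0                            # the post says the pad is hardwired to null


def pack_knock(ip: str, port: int, action: int) -> bytes:
    """Build the 8-byte plaintext that the knocking host would encrypt."""
    if action not in (ACTION_OPEN, ACTION_CLOSE):
        raise ValueError("action must be open (0) or close (1)")
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    return struct.pack(KNOCK_FMT, IPv4Address(ip).packed, port, action, PAD)


def unpack_knock(blob: bytes) -> tuple[str, int, int]:
    """Parse a plaintext knock back into (ip, port, action), rejecting malformed ones."""
    if len(blob) != struct.calcsize(KNOCK_FMT):
        raise ValueError("knock plaintext must be exactly 8 bytes")
    ip_raw, port, action, pad = struct.unpack(KNOCK_FMT, blob)
    if pad != PAD:
        raise ValueError("pad byte must be NUL")
    if action not in (ACTION_OPEN, ACTION_CLOSE):
        raise ValueError("unknown action code")
    return str(IPv4Address(ip_raw)), port, action


def unknown_bits(source_ip_known: bool = True) -> dict[str, float]:
    """Bits of the 64-bit plaintext an eavesdropper cannot predict, per field.

    The IP field is the knocking host's own address, so anyone who sees the
    packet already knows it. The pad is constant. Only the port and the
    one-bit action carry uncertainty.
    """
    fields = {
        "ip": 0.0 if source_ip_known else 32.0,
        "port": 16.0,                 # upper bound; the post says slightly less
        "action": math.log2(2),       # two possible values -> exactly 1 bit
        "pad": 0.0,                   # constant NUL
    }
    fields["total"] = sum(fields.values())
    return fields


if __name__ == "__main__":
    # Constructed sample knock; the address and port are made up for illustration.
    sample = pack_knock("192.0.2.10", 2222, ACTION_OPEN)
    print(sample.hex(), unpack_knock(sample))
    print("bits to guess with source IP known:", unknown_bits()["total"])
```

With the source address read from the packet header, `unknown_bits()` reports 17 bits out of 64, which is the "a little less than 17 bits" the post arrives at; the remaining 47 bits are either visible on the wire or constant, which is why the post treats a captured knock as a known-plaintext pair rather than an opaque ciphertext.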

