Lawless
Joined: 03 Nov 2003 Posts: 638 Location: Germany
Posted: Mon Jun 28, 2004 8:09 am Post subject: Port Knocking - Experience?
Hi all,
I just read an article about port knocking - quite a good idea, I have to say.
Has anyone had experience on that topic?
One project is, for instance:
http://portknocking.org/
It works like this: your iptables block _all_ ports on your system and log access on a range of (closed) ports.
You run a script which parses the logs and waits for a special sequence of access.
A client machine wanting to connect runs another script which sends this secret sequence and authenticates itself through the closed ports, and the server script opens the requested port.
Just an overview - the script seems to be very powerful - executing commands, opening and closing ports... you can do a lot of insecure things with it ;)
But you can make your system even more secure with it because there is no listening port except for people who know the exact sequence...
I think I will try that, but I'm interested to know if anyone here has had experience with this or similar projects.
Are there any known problems?
_________________
Kernel panic: I have no root and I want to scream
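The mechanism described in the post above, as an added example that is not code from portknocking.org or its daemon: a small Python log watcher that parses iptables LOG lines, tracks each source address's progress through a fixed knock sequence within a time window, and emits the iptables command that would open the protected port for that source. The log prefix "KNOCK", the sequence (7000, 8000, 9000), the 5-second window, the hosts and the abbreviated log lines are all assumptions constructed for this example.

```python
import re
from datetime import datetime

# Constructed, abbreviated sample of what the iptables LOG target writes to
# syslog for SYN packets hitting closed ports.  Prefix, hosts and ports are
# assumptions made for this example.
SAMPLE_LOG = """\
Jun 28 08:01:01 gw kernel: KNOCK IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=7000 SYN
Jun 28 08:01:02 gw kernel: KNOCK IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=8000 SYN
Jun 28 08:01:02 gw kernel: KNOCK IN=eth0 OUT= SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=7000 SYN
Jun 28 08:01:03 gw kernel: KNOCK IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=9000 SYN
Jun 28 08:01:09 gw kernel: KNOCK IN=eth0 OUT= SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=9000 SYN
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)"
)

SECRET_SEQUENCE = (7000, 8000, 9000)   # assumed knock sequence
KNOCK_WINDOW = 5                        # seconds the whole sequence may take
PROTECTED_PORT = 22                     # port opened for a successful knocker


def parse_log(text):
    """Yield (timestamp, source_ip, destination_port) for each knock line."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            yield ts, m.group("src"), int(m.group("dpt"))


class KnockTracker:
    """Tracks each source address's progress through the secret sequence."""

    def __init__(self, sequence=SECRET_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.progress = {}   # src -> (index of next expected knock, time of first knock)

    def knock(self, ts, src, port):
        """Return True exactly when `src` completes the sequence in time."""
        idx, started = self.progress.get(src, (0, ts))
        if idx and (ts - started).total_seconds() > self.window:
            idx, started = 0, ts          # too slow: start over from scratch
        if port == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.progress.pop(src, None)
                return True
            self.progress[src] = (idx, started)
        else:
            # Any wrong port resets the state, so a scanner walking the port
            # range in order never completes the sequence.
            self.progress.pop(src, None)
        return False


def process(text, tracker=None):
    """Feed the log through the tracker; return the iptables commands that
    would open PROTECTED_PORT for each successful knocker (shown, not run)."""
    tracker = tracker or KnockTracker()
    actions = []
    for ts, src, port in parse_log(text):
        if tracker.knock(ts, src, port):
            actions.append(
                f"iptables -I INPUT -s {src} -p tcp --dport {PROTECTED_PORT} -j ACCEPT"
            )
    return actions


if __name__ == "__main__":
    for cmd in process(SAMPLE_LOG):
        print(cmd)
```

In the sample, 10.0.0.5 knocks 7000, 8000, 9000 within three seconds and gets the ACCEPT rule; 10.0.0.9 knocks 7000 and then 9000 seven seconds later, so it is reset by the window and never matches. A real daemon would also schedule the matching `-D` rule to close the port again and restrict the opened rule to the knocker's source address, as the command here does.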
molander
Joined: 20 Jun 2003 Posts: 110 Location: St. Louis
Posted: Mon Jun 28, 2004 2:16 pm Post subject: Re: Port Knocking - Experience?
Lawless wrote:
Hi all,
I just read an article about port knocking - quite a good idea, I have to say.
Has anyone had experience on that topic?
One project is, for instance:
http://portknocking.org/
It works like this: your iptables block _all_ ports on your system and log access on a range of (closed) ports.
You run a script which parses the logs and waits for a special sequence of access.
A client machine wanting to connect runs another script which sends this secret sequence and authenticates itself through the closed ports, and the server script opens the requested port.
Just an overview - the script seems to be very powerful - executing commands, opening and closing ports... you can do a lot of insecure things with it
But you can make your system even more secure with it because there is no listening port except for people who know the exact sequence...
I think I will try that, but I'm interested to know if anyone here has had experience with this or similar projects.
Are there any known problems?

I have heard of this before. Sounds to me, though, that someone just has to watch you do it and it's easy to replicate. Wouldn't you have to bundle this with some sort of encryption (at least on some of the knocks) to make it worthwhile?
Lawless
Joined: 03 Nov 2003 Posts: 638 Location: Germany
Posted: Mon Jun 28, 2004 2:34 pm
As I understand it, the signals are encrypted via Blowfish (or some other method you can choose) to make it a lot harder to sniff the sequence...
But even in case somebody finds out that sequence, if you have configured it correctly/securely the 'hacker' just sees the now-opened SSH port or whatever.
So let's say you have a machine with SMTP, SSH or any other daemon you want. Some script kiddie scans your ports and sees the listening ports; whether your daemon has a security hole or not, the kiddie tries to break into your system.
Now with this method your system hasn't any open ports and nobody is tempted to try to break in.
Of course - as always and with all other 'security' barriers - this is not 100% safe, but the harder it gets, the fewer people will try it.
_________________
Kernel panic: I have no root and I want to scream
theDreamer
Joined: 20 Oct 2003 Posts: 118
Posted: Mon Jun 28, 2004 3:27 pm Post subject: Port Knocking
Port knocking is a good security tool, but it can NOT be used alone.
Sniffing the communication can easily bypass it...
The target of the idea is to stop port scanners from detecting open ports, and together with other security tools (like SSH) you get a secured system that, if set up correctly, is highly protected.
_________________
Cheers,
Nir Dremer
www.dremer.org
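The replay problem molander and theDreamer raise above, as an added example that is not code from portknocking.org or from anyone in this thread: a fixed knock sequence is accepted no matter who sends it, so one sniffed capture is enough to reproduce it. Encrypting a fixed payload does not change that by itself; what defeats replay is a value that differs on every knock. The hardened half below encodes a per-client counter and the requested port into a sequence of ports, appends a truncated HMAC-SHA256 tag, and has the server refuse any counter it has already seen. The port base 10000, the 8-byte tag, the pre-shared key and the message layout are all assumptions made for this example, not the project's scheme.

```python
import hashlib
import hmac
import struct

# --- the weak form: a fixed sequence -------------------------------------
STATIC_SEQUENCE = [7000, 8000, 9000]   # assumed secret sequence


def static_server_accepts(ports):
    """A fixed sequence: anyone who sniffed it once can reproduce it forever."""
    return list(ports) == STATIC_SEQUENCE


# --- the hardened form: authenticated one-time knock ---------------------
PORT_BASE = 10000        # each payload byte is sent as one SYN to port 10000 + byte
TAG_LEN = 8              # truncated HMAC-SHA256 tag, in bytes
BODY_LEN = 6             # 4-byte counter + 2-byte requested port
SHARED_KEY = b"example-shared-key-replace-me"   # assumed pre-shared secret


def encode_knock(key, counter, request_port):
    """Client side: build the port sequence for one knock.

    payload = counter (4 bytes) || requested port (2 bytes) || HMAC tag.
    The counter makes each knock unique, so a captured sequence is
    worthless to an eavesdropper after the server has seen it once.
    """
    body = struct.pack(">IH", counter, request_port)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return [PORT_BASE + b for b in body + tag]


class KnockVerifier:
    """Server side: check the tag, then enforce a strictly increasing counter."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1   # a real daemon persists this across restarts

    def verify(self, ports):
        """Return the requested port on success, None on any failure."""
        if len(ports) != BODY_LEN + TAG_LEN:
            return None
        if any(not PORT_BASE <= p < PORT_BASE + 256 for p in ports):
            return None
        data = bytes(p - PORT_BASE for p in ports)
        body, tag = data[:BODY_LEN], data[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None                                # forged or corrupted
        counter, request_port = struct.unpack(">IH", body)
        if counter <= self.last_counter:
            return None                                # replayed or reordered
        self.last_counter = counter
        return request_port


def demo():
    """A legitimate knock, a replay of the sniffed knock, and a tampered copy."""
    verifier = KnockVerifier(SHARED_KEY)
    knock = encode_knock(SHARED_KEY, counter=1, request_port=22)
    accepted = verifier.verify(knock)    # 22: the port to open
    replayed = verifier.verify(knock)    # None: counter 1 already used
    tampered = knock[:]
    tampered[5] += 1                     # flip the requested-port byte without the key
    forged = verifier.verify(tampered)   # None: tag no longer matches
    return accepted, replayed, forged


if __name__ == "__main__":
    print(demo())
```

The counter does the work here: the sniffer in molander's scenario captures fourteen ports that will never be accepted again, and theDreamer's point stands in the other direction too, since the knock only gates access to a service that still has to defend itself once the port is open. Two caveats a practitioner should keep: the server must persist `last_counter`, or a restart reopens the replay window for every old capture; and the rule the knock opens should still be limited to the knocker's source address and a short lifetime, because an attacker who can see the knock can also see which port it opened.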