Security Basics
Re: Port-Knocking vulnerabilities? Dec 28 2007 07:07PM
Jay (jay tomas infosecguru com) (1 replies)
Portknocking is a security mechanism as it is a type of authentication. "Something you know" in this case the sequence of ports to knock before a unstarted service or daemon begins listening for connections.

Jay
----- Original Message -----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq (at) planetcobalt (dot) net [email concealed]]
To: security-basics (at) securityfocus (dot) com [email concealed]
Sent: Fri, 28 Dec 2007 19:42:25 +0100
Subject: Re: Port-Knocking vulnerabilities?

On 2007-12-28 Kappa Alpha Pi Eta wrote:
> so I read this thread about port-knocking (altough called "reflexsive
> firewalls"). I'd never heard of that and found that to be an very
> interesting mechanism. Now I just keep wondering, what an attacker
> could possibly do to intrude system secured in such a way. So there
> are no open ports at all, also, there's no way the attacker could
> access the computer physically or via social engineering. The attacker
> knows that a knock-server is running and that there's some daemon
> waiting to become accessible (what ever that may be).

Port knocking is not a security but merely an obfuscation measure, as it
just hides services from people who don't know about the measure.

> What could a attacker do to somehow get access to that machine?

Knock.

> And how can I secure that machine from that kind of attacks.

Just like you would secure it when not using port-knocking:

- Don't have services listening on external interfaces that shouldn't be
accessible from the outside.
- Keep your system patched.
- Use authentication where applicable.
- Prefer public key authentication over password authentication.
...

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

[ reply ]
Re: Port-Knocking vulnerabilities? Dec 29 2007 01:28PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (1 replies)
Re: Port-Knocking vulnerabilities? Dec 31 2007 06:27PM
Robert Inder (robertinder googlemail com) (2 replies)
Re: Port-Knocking vulnerabilities? Dec 31 2007 08:50PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (1 replies)
RE: Port-Knocking vulnerabilities? Dec 31 2007 09:46PM
Craig Wright (Craig Wright bdo com au) (1 replies)
RE: Port-Knocking vulnerabilities? Jan 01 2008 01:01PM
Bill Lavalette (blavalet homenet-security com)
Re: Port-Knocking vulnerabilities? Dec 31 2007 07:40PM
Goldstein101 (goldstein101 gmail com) (1 replies)
RE: Port-Knocking vulnerabilities? Dec 31 2007 09:32PM
Craig Wright (Craig Wright bdo com au) (1 replies)
Re: Port-Knocking vulnerabilities? Jan 06 2008 04:12AM
Michael Rash (mbr cipherdyne org) (1 replies)
RE: Port-Knocking vulnerabilities? Jan 06 2008 04:49AM
Craig Wright (Craig Wright bdo com au) (1 replies)
Re: Port-Knocking vulnerabilities? Jan 06 2008 05:17AM
Michael Rash (mbr cipherdyne org) (1 replies)
RE: Port-Knocking vulnerabilities? Jan 21 2008 11:22AM
whip netspace net au (1 replies)
Re: Port-Knocking vulnerabilities? Jan 22 2008 12:26AM
Michael Rash (mbr cipherdyne org)


 

Privacy Statement
Copyright 2010, SecurityFocus