Security Basics
Collecting data to demonstrate TCP ISN-based port knocking May 15 2014 10:06AM
Julian Kirsch (kirschju sec in tum de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

some of you might know a project called "Knock", which implements
a variant of port-knocking in the Linux kernel that can be used to
check the authenticity of arbitrary TCP connections and even can do
integrity checking of the TCP payload by using a pre-shared key.

We still hope that Knock will be eventually useful for adding an extra
layer of security to applications like SSH, VNC or Tor (think:
bridges), but could use your help to collect data to help convince the
Linux people to adopt the latest patch.

As Knock uses two fields in the TCP header in order to hide information
and we explicitly want to be compatible with machines sitting in
typical home networks, we need to make sure that this information
doesn't get corrupted by the majority of NAT boxes out there. We thus
created a program which tests if Knock would work in your environment.
It would be great if some of you were able to execute the program on
your machines in order to help us to get an estimation of if Knock one
day could be used in a larger scale.

You can find sources, binaries and a more elaborate description here:
https://gnunet.org/knock_nat_tester
Technical details about Knock and a (somewhat outdated) research paper
as well as kernel patches are provided here:
https://gnunet.org/knock

Best,
Julian & Christian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJTdJGUAAoJENwkOWttRRA4jcQH/2lslUIJXv+fMkitH7fF314j
YQG+t01kX8VuXP5NOP9JChKgUzlGp4I3GEUDewE/w8anljvjY8RoFbyj8SSpEfFg
tiLbtnidskxIvtSTXTuGeFBbnT4+VLYd0cycHgo/5eglOHx+NnCG6VZpO4q64OAE
qnCWywy9FBle047scCOmacyTKkrahxahFb8tdjnca8BmrhBx1qSPjnDtQJ1Tkeko
1gpDRly8LIWELS9L2w8qJ2W8ebIbiEcccd85vSgrDgyVIpZtDoXPU3sjK8FWPeVa
ZKRO8L+e/BI+u4uXDTmCVbIzE/M8lanptdWplrOKiDpbTrrJcM7/6a0SM6qaqeE=
=rAIN
-----END PGP SIGNATURE-----

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus