Mailing List Archive



[tlug] Port Knocking . . . . . . . . . . . . . . . . . . . . . (was Re: Blocking bad sshd bruteforce attempt)



Joe Larabell wrote:

> I recall ... a daemon on the target machine to watch for SYN 
> packets to some combination of ports in sequence
> and *only then* would it open up a hole in the firewall.

Indeed. 

The name for that technique is called port knocking. 

> This is still security by obscurity 

Indeed. 

> but... it's so incredibly obscure that the probability of NMAP 
> hitting this combination completely by accident is microscopic. 

Indeed. 

Just because NMAP would not open it by accident, 
doesn't mean that there aren't other non-accidental ways. 

> If you combine this with complete firewall blockage for random 
> port scans on other ports, you would also make it difficult to 
> find the port combination by trial-and-error.

Indeed. 

Hence replay attacks. 

> (too lazy to google it right now)

Indeed. 

   http://portknocking.org/view/details
   http://www.shorewall.net/PortKnocking.html
   http://software.newsforge.com/software/04/08/02/1954253.shtml
   
Port knocking is nice for reducing the amount of junk in your logs. 

Have fun with port knocking. 
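The knock-watching daemon Joe describes, as an added Python example (not code from this thread or from any of the linked projects): it tracks SYN packets per source address, resets progress on any out-of-sequence port so that a scan does not walk through the sequence, enforces a timeout, and records when the sequence completes. The constructed SYN log at the end also shows the replay weakness the reply points at: a static sequence that was observed once, sent again from another address, is accepted just the same. The port numbers, timeout and addresses are assumptions.

```python
from collections import defaultdict

# Constructed example values: the secret knock and the time allowed to finish it.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_TIMEOUT = 10.0  # seconds from first knock to last

class KnockDaemon:
    """Watches SYN packets per source address and reports each completed knock."""

    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
        self.sequence = tuple(sequence)
        self.timeout = timeout
        # src_ip -> (index of the next expected port, timestamp of the first knock)
        self.state = defaultdict(lambda: (0, 0.0))
        self.opened = []  # (src_ip, timestamp) for every completed sequence

    def on_syn(self, src_ip, dst_port, ts):
        """Feed one SYN. Returns True when this SYN completes the knock sequence."""
        idx, start = self.state[src_ip]
        if idx > 0 and ts - start > self.timeout:
            idx, start = 0, 0.0  # too slow: forget the partial sequence
        if dst_port == self.sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
        elif dst_port == self.sequence[0]:
            idx, start = 1, ts  # wrong port, but it is the first knock again: restart
        else:
            idx, start = 0, 0.0  # any other port (a scan, a stray SYN) resets progress
        if idx == len(self.sequence):
            self.opened.append((src_ip, ts))  # here the real daemon would open the firewall hole
            self.state[src_ip] = (0, 0.0)
            return True
        self.state[src_ip] = (idx, start)
        return False

def run_log(events, **kwargs):
    """Replay a list of (src_ip, dst_port, timestamp) SYNs and return the completed knocks."""
    daemon = KnockDaemon(**kwargs)
    for src_ip, dst_port, ts in events:
        daemon.on_syn(src_ip, dst_port, ts)
    return daemon.opened

# Constructed SYN log: one legitimate knock, one scan, one too-slow knock, and one replay.
SAMPLE_SYNS = [
    ("10.0.0.5", 7000, 100.0), ("10.0.0.5", 8000, 100.5), ("10.0.0.5", 9000, 101.0),   # legitimate
    ("10.0.0.9", 7000, 200.0), ("10.0.0.9", 22, 200.1), ("10.0.0.9", 8000, 200.2), ("10.0.0.9", 9000, 200.3),  # scan
    ("10.0.0.7", 7000, 300.0), ("10.0.0.7", 8000, 320.0), ("10.0.0.7", 9000, 321.0),   # exceeds timeout
    ("192.0.2.50", 7000, 400.0), ("192.0.2.50", 8000, 400.3), ("192.0.2.50", 9000, 400.6),  # replayed static knock
]
```

Only the legitimate knock and the replayed one complete; the daemon has no way to tell them apart, which is why the static sequence alone buys nothing against someone who has seen it once.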
