port knocking

Thread: port knocking

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    1

    port knocking

    Heya,

    I am currently running a box and I would like to have my sshd, ftpd or my inetd running only on demand, remotely, when I'm not at the office.

    I have heard about port knocking (on /.) - do you have any idea about how well it can work, its failures (denial of service possible, a hacker sniffing the TCP sequence in order to replicate it, only TCP used?) .. well, mainly how widely it is used and if there is any good distribution of such software (that's kind of professional)?

    That's going to give me a clear idea of how interesting this solution is for me.

    Thanks!
    -- md100

  2. #2
    Member
    Join Date
    Dec 2001
    Posts
    87
    Most of the implementations on http://www.portknocking.org appear to be alpha or beta - I wouldn't use them yet anyway.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Instead of using that, you can establish a VPN between your home (for example; it can be roaming too) and your office and use those services through the VPN tunnel. Maybe it's more secure and easier to implement.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    I hadn't heard of this before, but it sure sounds like a great idea, and what's more, it's probably easily implemented using a shell script. That said, the first thing that strikes you is of course a sniffer. However, the attacker actually has to be looking for a port knock to find it. Not very likely, yet. Its using only TCP doesn't seem to be such a drawback, because sniffers normally pick up both TCP and UDP, and a determined attacker would sniff everything from the line. Other than that, I can't really see any drawbacks here. Of course, if the server you're starting is something that's inherently insecure (e.g. Telnet), you're obviously taking a risk.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
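
As an added example (not code from any poster in this thread, nor from portknocking.org), here is a toy port-knock daemon in Python that shows the mechanism md100 asks about in the first post and the sniffing weakness raised in the post above. It parses constructed iptables LOG lines (a log rule on closed ports with a KNOCK: prefix is assumed) for TCP SYNs, walks each source address through an assumed secret sequence of 7000, 8000, 9000 with a 5-second limit between knocks, and records which sources completed it. A sequential port scan and a client that knocks too slowly never complete the sequence; the last three log lines, a replay of the legitimate client's sniffed knocks from a different address, do, and the daemon has no way to tell them apart. The names KnockDaemon, parse_log_line and run_log, the sequence, the timeout and every log line are this example's own.

```python
"""Added example (not from the thread): a toy port-knock daemon.

It reads iptables LOG lines for TCP SYNs to closed ports, tracks each
source's progress through a fixed knock sequence, and records which
sources completed it. The sample log lines, the prefix KNOCK:, the
sequence 7000,8000,9000 and the timeout are constructed for this example.
The final three lines replay a sniffed sequence from another address,
which the daemon cannot distinguish from the real client: a static
sequence is a reusable password sent in the clear.
"""
import re
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dport")

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence
KNOCK_TIMEOUT = 5                    # max seconds between consecutive knocks

# Fields we need from an iptables LOG line: syslog time, SRC=, PROTO=TCP,
# DPT= and the SYN flag (only connection attempts count as knocks).
LOG_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s.*?\bSRC=(\S+)\s.*?\bPROTO=TCP\b"
    r".*?\bDPT=(\d+)\b.*?\bSYN\b"
)


def parse_log_line(line):
    """Return a Packet for a logged TCP SYN, or None for anything else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    h, mi, s, src, dport = m.groups()
    return Packet(int(h) * 3600 + int(mi) * 60 + int(s), src, int(dport))


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
        self.sequence = tuple(sequence)
        self.timeout = timeout
        self.progress = {}  # src -> (index of next expected knock, ts of last knock)
        self.opened = []    # (ts, src) for every completed sequence

    def observe(self, pkt):
        """Advance the per-source state machine; return the new index."""
        idx, last = self.progress.get(pkt.src, (0, None))
        if last is not None and pkt.ts - last > self.timeout:
            idx = 0  # too slow: the partial sequence expires
        if pkt.dport == self.sequence[idx]:
            idx += 1
        elif pkt.dport == self.sequence[0]:
            idx = 1  # wrong port, but it is the first knock: start over from it
        else:
            idx = 0  # any other port (e.g. a sequential scan) resets progress
        if idx == len(self.sequence):
            # A real daemon would now insert a firewall rule for pkt.src
            # (and schedule its removal); here we only record the event.
            self.opened.append((pkt.ts, pkt.src))
            idx = 0
        self.progress[pkt.src] = (idx, pkt.ts)
        return idx

    def is_open_for(self, src):
        return any(s == src for _, s in self.opened)


def run_log(log_text, daemon=None):
    """Feed every logged SYN to the daemon; return {src: sequence completed?}."""
    daemon = daemon if daemon is not None else KnockDaemon()
    seen = []
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt is None:
            continue
        if pkt.src not in seen:
            seen.append(pkt.src)
        daemon.observe(pkt)
    return {src: daemon.is_open_for(src) for src in seen}


# Constructed log: legitimate client, sequential scanner, slow client,
# and an attacker replaying the sniffed sequence from 192.0.2.66.
SAMPLE_LOG = """\
Jun  1 12:00:00 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.5 PROTO=TCP SPT=40001 DPT=7000 SYN URGP=0
Jun  1 12:00:01 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.5 PROTO=TCP SPT=40002 DPT=8000 SYN URGP=0
Jun  1 12:00:02 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.5 PROTO=TCP SPT=40003 DPT=9000 SYN URGP=0
Jun  1 12:00:05 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.9 PROTO=TCP SPT=50000 DPT=7000 SYN URGP=0
Jun  1 12:00:05 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.9 PROTO=TCP SPT=50001 DPT=7001 SYN URGP=0
Jun  1 12:00:06 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.9 PROTO=TCP SPT=50002 DPT=8000 SYN URGP=0
Jun  1 12:00:06 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.9 PROTO=TCP SPT=50003 DPT=9000 SYN URGP=0
Jun  1 12:00:10 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.7 PROTO=TCP SPT=51000 DPT=7000 SYN URGP=0
Jun  1 12:00:11 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.7 PROTO=TCP SPT=51001 DPT=8000 SYN URGP=0
Jun  1 12:00:20 gw kernel: KNOCK: IN=eth0 SRC=10.0.0.7 PROTO=TCP SPT=51002 DPT=9000 SYN URGP=0
Jun  1 12:00:30 gw kernel: KNOCK: IN=eth0 SRC=192.0.2.66 PROTO=TCP SPT=60000 DPT=7000 SYN URGP=0
Jun  1 12:00:30 gw kernel: KNOCK: IN=eth0 SRC=192.0.2.66 PROTO=TCP SPT=60001 DPT=8000 SYN URGP=0
Jun  1 12:00:31 gw kernel: KNOCK: IN=eth0 SRC=192.0.2.66 PROTO=TCP SPT=60002 DPT=9000 SYN URGP=0
"""

if __name__ == "__main__":
    for src, opened in run_log(SAMPLE_LOG).items():
        print(f"{src:12} {'OPEN' if opened else 'closed'}")
```

Running it prints OPEN for 10.0.0.5 and 192.0.2.66 and closed for the scanner and the slow client. Inserting the real firewall rule (and removing it again after a timeout) is left as a comment; a real daemon would do that with iptables and would normally follow the firewall log or a packet capture rather than a string in memory. The point for the thread is that the daemon cannot tell the replayed knocks from the original ones: anyone who captured the sequence on the wire can reuse it until the sequence is changed, which is exactly the sniffing concern raised in the first and fourth posts.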

  5. #5
    Member
    Join Date
    May 2002
    Posts
    62
    Hello,

    Before visiting portknocking.org I had actually never heard of it... but before you even consider the construction of things such as VPNs (which can cost quite a bit), I wonder if you've considered a simpler implementation of security via xinetd with TCP wrappers. With xinetd, you can modify the times at which the servers run, so they'll run when you're not at the office or whatever. It would also be easy to rig up your ftpd and sshd and drop the less secure inetd program.

    --rasem

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    A huge VPN can have a high cost, but for the usage specified here I don't think so. Server = Linux, software = free, client = standard VPN client for Windows/*nix (free too). Basically it's the same cost.
    But maybe it's not what you want.
    My site

