So I was bored the other day and stumbled upon a link to shimmer, can't remember how I found my way there, but I started reading it and it was pretty interesting. Check the link here for a quick rundown: http://shimmer.sourceforge.net/

Up to speed now? Okay good. So I'm wondering, has anyone here actually implemented a port knocking program (with a purpose, not just for SnG's)? If so, how would you size it up to an off-shoot like shimmer? Both implementations would have their pros and cons, but in the end I would personally opt for port knocking.

IMO, shimmer is nice in that it holds almost 50 open ports with 16 active and rotating every minute. You're hiding your protected service in a haystack, so to speak. While it's a small haystack, you can still feel good about it because if someone tries to connect to the wrong service they're blacklisted for 15 minutes that slides with every attempt. Assuming a person guessed wrong only once, the set of ports would have shifted 15 times by the time he's unblocked and he's staring at a fresh challenge.

BUT, from what I understand, in the 1 in 48 chance that someone guesses right, there's no authorizing sequence. It's just a dice roll, and if they land on the right number they've got a minute to get in. It's a small window, but a window nonetheless.

Now, this is decent security for hiding a service, but at the same time it's like having a vault in plain sight with a huge sign hanging from it that reads "HEY!! I'M HIDING SOMETHING IN HERE!! COME POKE ME WITH A STICK!!!!" Curious hackers are always drawn to the red button.

Then, you have something like port knocking, which lets you talk to closed ports by sending an auth sequence or payload to one or several ports, to which the sender would receive no response for anything sent, and if the sequence is correct the hidden service is opened. Now if a person scanned a machine that had a port knocking program and saw closed ports instead of 48 open ones in the 10000-10999 range, they may be inclined to believe there's nothing there and just move on. However, if they knew for a fact there was a port knocking program installed, I assume they could brute force it all they wanted.

What are your thoughts/views? Which would you choose?
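To make the comparison in the post concrete, here is an added toy knock detector (example code, not from the post, from shimmer or from any real knockd) run over a constructed packet log. The knock sequence 7000/8000/9000, the 10-second window, the source addresses and the 15-minute sliding blacklist applied to wrong knocks are assumptions; the blacklist behaviour is borrowed from how the post describes shimmer.

```python
# Added example: a toy port-knock detector fed from a constructed packet log.
# Assumptions not in the original post: the secret knock is three SYNs to
# 7000, 8000, 9000 in order within KNOCK_WINDOW seconds; a wrong knock puts the
# source on a 15-minute blacklist that slides on every new attempt, the
# behaviour the post attributes to shimmer.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret knock
KNOCK_WINDOW = 10                     # seconds allowed for the full sequence
BAN_SECONDS = 15 * 60                 # sliding blacklist duration

class KnockDaemon:
    def __init__(self):
        self.progress = {}      # src -> (index of next expected knock, start time)
        self.banned_until = {}  # src -> epoch seconds when the ban expires
        self.opened = []        # (time, src) of completed knock sequences

    def is_banned(self, src, now):
        return self.banned_until.get(src, 0) > now

    def handle(self, now, src, port):
        """Process one SYN to a closed port; return 'open', 'pending' or 'banned'."""
        if self.is_banned(src, now):
            self.banned_until[src] = now + BAN_SECONDS  # ban slides with each attempt
            return "banned"
        idx, started = self.progress.get(src, (0, now))
        if now - started > KNOCK_WINDOW:
            idx, started = 0, now  # stale partial sequence starts over
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
            if idx == len(KNOCK_SEQUENCE):
                self.progress.pop(src, None)
                self.opened.append((now, src))
                return "open"       # a real daemon would add a firewall rule here
            self.progress[src] = (idx, started)
            return "pending"
        self.progress.pop(src, None)  # wrong port: forget progress, blacklist
        self.banned_until[src] = now + BAN_SECONDS
        return "banned"

# Constructed packet log: (epoch seconds, source, destination port)
PACKETS = [
    (0, "10.0.0.5", 7000), (1, "10.0.0.5", 8000), (2, "10.0.0.5", 9000),
    (3, "10.0.0.9", 7000), (4, "10.0.0.9", 1234),  # wrong second knock
    (5, "10.0.0.9", 7000), (6, "10.0.0.9", 8000), (7, "10.0.0.9", 9000),
]

def run(packets=PACKETS):
    d = KnockDaemon()
    return [d.handle(*p) for p in packets], d
```

The second source sends the correct sequence while banned and is still refused, which is the point the post makes about a wrong guess costing a full blacklist period.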