The sys admin’s daily grind: Single-packet authentication
KEY EXPERIENCE
Author(s): CHARLY KÜHNAST
Conventional, woodpecker-style port knocking is open to sniffing and brute force knocking attacks. Sending an encrypted packet with an access request to the server is safer and more modern. Learn more about Firewall Knock Operator, a.k.a. Fwknop.
Conventional port knocking, which I described last month, protects you against attackers who routinely scan whole networks looking for “low-hanging fruit.” A cracker who takes more time and logs communications can also identify knocking signals because the sequences will repeat. In theory, you might consider using lists of one-off knocking signals that become obsolete after use. Unfortunately, this is really complex. Besides, if the administrator is not creative enough, an attacker could just try out popular knocking sequences (port 7000, 8000, 9000, …) to gain access.
Watch 3 days full of Apache talks live from Amsterdam on March 25-27 in the convenience of your home or office. Topics are: Apache Hadoop, Tomcat for Developers and Administrators, HTTP Server Administration and much more.
Comments
You can also "do-it-yourself"
BoneKracker Jun 21, 2009 4:38am GMT
http://forums.gentoo.org/viewtopic-t-687956-highlight-port+knocking.htmlky
ky Jun 16, 2009 6:16pm GMT
Mohammad