Re: Port Knocking - An interesting idea

Author: Kevin
Date:  
To: plug-discuss
Subject: Re: Port Knocking - An interesting idea
Fred, thanks for reminding me about this... good stuff!


This is a concept that I first discovered in late 2000. I was
experimenting with the proof of concept code from FX of Phenoelit. His
code was called cd00r.c

http://www.phenoelit.de/stuff/cd00rdescr.html

I eventually got this working on an OpenBSD 2.6 firewall. It made me
feel much better about leaving sshd exposed. While I am not a fan of
security through obscurity, I think of this as more like a
combination lock with 65,000+ digits on the dial.

About a year later, I noticed SAdoor from Claes M. Nyberg, which
expanded on the concept:

http://cmn.listprojects.darklab.org


Fire up your compilers!

...Kevin




On Tue, 2004-03-16 at 13:09, Fred Wright wrote:
> I first read about this in Bruce Schneier's CRYPTO-GRAM, March 15,
> 2004. Has anyone else heard/thought about this?
>
> /quote
> Port Knocking
>
> Port knocking is a clever new computer security trick. It's a way to
> configure a system so that only systems who know the "secret knock" can
> access a certain port. For example, you could build a port-knocking
> defensive system that would not accept any SSH connections (port 22) unless
> it detected connection attempts to closed ports 1026, 1027, 1029, 1034,
> 1026, 1044, and 1035 in that sequence within five seconds, then listened on
> port 22 for a connection within ten seconds. Otherwise, the system would
> completely ignore port 22.
>
> It's a clever idea, and one that could easily be built into VPN systems and
> the like. Network administrators could create unique knocks for their
> networks -- family keys, really -- and only give them to authorized
> users. It's no substitute for good access control, but it's a nice
> addition. And it's an addition that's invisible to those who don't know
> about it.
>
> <http://www.linuxjournal.com/article.php?sid=6811>
> <http://www.portknocking.org/>
> /endquote
>
>
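The knock-sequence gate that Schneier's paragraph describes, written out as an added example; this is not code from the thread, from cd00r, SAdoor or portknocking.org. It assumes an already-parsed trace of connection attempts as (timestamp, source address, destination port) tuples, such as one pulled from a firewall log. The port list, the 5-second knock window and the 10-second open window are the ones in the quoted text; the addresses and timings in SAMPLE_TRACE are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Parameters taken from the Schneier paragraph quoted in the thread.
KNOCK_SEQUENCE: Sequence[int] = (1026, 1027, 1029, 1034, 1026, 1044, 1035)
KNOCK_WINDOW = 5.0      # whole sequence must arrive within this many seconds
OPEN_WINDOW = 10.0      # after a complete knock, port 22 is accepted for this long
PROTECTED_PORT = 22

# One connection attempt: (timestamp in seconds, source address, destination port)
Event = Tuple[float, str, int]


@dataclass
class KnockState:
    """Per-source progress through the knock sequence."""
    index: int = 0                          # number of knocks matched so far
    first_knock_at: Optional[float] = None  # when the current partial sequence began
    open_until: Optional[float] = None      # protected port accepts a connection until then


class PortKnockGate:
    """Decides, per source address, whether a connection to the protected
    port should be accepted. Attempts on any other port are treated as knocks."""

    def __init__(self, sequence=KNOCK_SEQUENCE, knock_window=KNOCK_WINDOW,
                 open_window=OPEN_WINDOW, protected_port=PROTECTED_PORT):
        self.sequence = list(sequence)
        self.knock_window = knock_window
        self.open_window = open_window
        self.protected_port = protected_port
        self.states: Dict[str, KnockState] = {}

    def observe(self, ts: float, src: str, dst_port: int) -> bool:
        """Feed one attempt; return True only for an accepted protected-port connection."""
        st = self.states.setdefault(src, KnockState())

        if dst_port == self.protected_port:
            if st.open_until is not None and ts <= st.open_until:
                st.open_until = None       # one complete knock admits one connection
                return True
            return False                   # no valid knock: port 22 is ignored

        # A partial sequence that has run past the knock window is discarded.
        if st.first_knock_at is not None and ts - st.first_knock_at > self.knock_window:
            st.index, st.first_knock_at = 0, None

        if dst_port == self.sequence[st.index]:
            if st.index == 0:
                st.first_knock_at = ts
            st.index += 1
            if st.index == len(self.sequence):
                # Complete sequence inside the window: open the port for open_window seconds.
                st.open_until = ts + self.open_window
                st.index, st.first_knock_at = 0, None
        elif dst_port == self.sequence[0]:
            st.index, st.first_knock_at = 1, ts    # wrong knock, but it restarts the sequence
        else:
            st.index, st.first_knock_at = 0, None  # wrong knock: start over
        return False


def run_trace(events, gate=None) -> List[Tuple[float, str, int, bool]]:
    """Replay a trace in timestamp order and return each event with its decision."""
    gate = gate or PortKnockGate()
    return [(ts, src, port, gate.observe(ts, src, port))
            for ts, src, port in sorted(events)]


def accepted_connections(events, gate=None) -> List[Tuple[float, str]]:
    """Timestamps and sources of the protected-port connections the gate admitted."""
    return [(ts, src) for ts, src, _port, ok in run_trace(events, gate) if ok]


# Constructed trace (addresses from RFC 5737 documentation ranges; not real traffic).
SAMPLE_TRACE: List[Event] = [
    (0.0, "192.0.2.10", 1026), (0.5, "192.0.2.10", 1027), (1.0, "192.0.2.10", 1029),
    (1.5, "192.0.2.10", 1034), (2.0, "192.0.2.10", 1026), (2.5, "192.0.2.10", 1044),
    (3.0, "192.0.2.10", 1035),          # full sequence in 3 s: port 22 opens until t=13
    (4.0, "192.0.2.10", 22),            # accepted
    (4.5, "192.0.2.10", 22),            # the open was already consumed: rejected
    (5.0, "198.51.100.7", 22),          # never knocked: rejected
    (10.0, "198.51.100.7", 1026), (12.0, "198.51.100.7", 1027), (14.0, "198.51.100.7", 1029),
    (15.5, "198.51.100.7", 1034),       # 5.5 s after the first knock: sequence discarded
    (16.0, "198.51.100.7", 1026), (16.5, "198.51.100.7", 1044), (17.0, "198.51.100.7", 1035),
    (18.0, "198.51.100.7", 22),         # rejected: sequence never completed
]

if __name__ == "__main__":
    for ts, src, port, ok in run_trace(SAMPLE_TRACE):
        kind = "accept" if ok else ("reject" if port == PROTECTED_PORT else "knock")
        print(f"t={ts:5.1f} {src:<14} port {port:<5} {kind}")
```

Each source address carries its own state, one complete knock admits a single connection before the open is consumed, and a sequence that stalls past the 5-second window is thrown away rather than left half-matched. Replaying a firewall log through the same gate is also a cheap way to notice the exact sequence arriving from addresses that should not know it, which is the kind of signal a knock scheme otherwise hides.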


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss