Simple, when I sniff a network connection, I don't have to specify a port on the
machine, just the whole link. So if I play back what I captured, I can see that
you hit port 30, 59, 1702 and then finally 80... and what was held in the packet
payload.
I've had fun with sniffing off hubs, spanned switch ports, and arp poisoned
switched networks, heheh.
> How do you give away your combination to anyone sniffing the network?
> Wouldn't they have to sniff the correct ports in the correct order? It's
> more like a password, where each of the chars can be any of 65000
> possibilities. Much harder to crack than any regular old password.
>
> anthony
>
> From: Austin Godber <godber@uberhip.com> Date: 2004/03/16 Tue PM 05:26:11 EST
> To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: Port Knocking - An
> interesting idea
>
> Kevin wrote:
>
>> This is a concept that I first discovered in late 2000. I was
>> experimenting with the proof of concept code from FX of Phenoelit. His
>> code was called cd00r.c
>>
>> http://www.phenoelit.de/stuff/cd00rdescr.html
>>
>> I eventually got this working on an OpenBSD 2.6 firewall. It made me feel
>> much better about leaving sshd exposed. While I am not a fan of security
>> through of obscurity, I think of this as more like a combination lock with
>> 65,000+ digits on the dial.
>
>
> It is interesting, but ... you give away your combination to anyone sniffing
> on the network. So it is strictly security through obscurity and
> accomplishes little. Although it is a cool idea. Perhaps a single use
> combination that is shared between each host client pair would help ... but
> then it starts getting cumbersome.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)