Linux.com

So can changing the port.

Posted by: Anonymous Coward on March 31, 2007 05:42 AM
If sniffed, altering the port does not help.

Port knocking gets rid of most script kiddies, even basic port knocking.

The defense depends on the type of port knocking. If it is a single-packet encoded knock, sniffing does not help. Encoded in the packet are a time, an ID, the port on the target where the encoded packet was sent and the IP of the source, all encrypted. Resending the packet will not help the attacker. Also, encoded knocks can be sent to any port on the machine that is not open and still work. So the port is selected basically by a random generator across the complete port range, other than selected do-not-use ports.

It can even be a wall knock. It's a variation on encoded. You allocate 100 or so ports for knocking. Each encoded packet is numbered, as well as carrying the other required information. Then each packet is sent to a randomly generated port to appear to be a rotating port. If someone tries a normal port knock brute force, they only lock themselves out. After login you get a new set of random patterns. Getting past that is not exactly fun.

If I could work out how to limit user logins effectively based on the encrypted knock, it becomes a double door to beat. You need to know both the user and the knock that matches.

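The single-packet encoded knock described in the comment above, written out as an added example; this is not code from the thread, from the linked article or from any particular knock daemon. It assumes a shared secret on both ends, AES-256-GCM as the encryption, a 30-second freshness window, and delivery as one UDP datagram to an arbitrary closed port. The secret, the addresses 203.0.113.7 and 198.51.100.9, and port 40123 are constructed for the demo. The knock carries exactly the four fields the comment lists (time, ID, target port, source IP); the server's job is to open the packet and compare each field with what it actually observed on the wire, so a captured packet is useless when resent, when sent to another port, or when sent from another address.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"time"
)

const plainLen = 8 + 8 + 2 + 4 // sealed plaintext, big-endian: unix time | knock ID | target port | IPv4 source
const replayWindow int64 = 30  // seconds; assumed tolerance for clock skew plus transit

// Knock is the decoded content of one single-packet knock.
type Knock struct {
	Time   int64  // sender's unix time
	ID     uint64 // random per-knock identifier, never reused
	Port   uint16 // port the packet was addressed to (any closed port will do)
	Source net.IP // address the sender expects the server to see
}

func aead(secret []byte) cipher.AEAD { // AES-256-GCM keyed from sha256(secret), a demo-only KDF
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // only fails on a bad key size, fixed at 32 here
	g, _ := cipher.NewGCM(block)
	return g
}

// Seal returns nonce || ciphertext || tag for a knock bound to dstPort and source, with a fresh nonce and ID.
func Seal(secret []byte, dstPort uint16, source net.IP, now time.Time) ([]byte, error) {
	if source.To4() == nil {
		return nil, errors.New("source must be IPv4")
	}
	g := aead(secret)
	ns := g.NonceSize()
	rnd := make([]byte, ns+8) // GCM nonce followed by the 8-byte knock ID, both from the CSPRNG
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	pt := make([]byte, plainLen)
	binary.BigEndian.PutUint64(pt[0:8], uint64(now.Unix()))
	copy(pt[8:16], rnd[ns:])
	binary.BigEndian.PutUint16(pt[16:18], dstPort)
	copy(pt[18:22], source.To4())
	return g.Seal(rnd[:ns:ns], rnd[:ns], pt, nil), nil // cap == ns, so Seal appends into a fresh buffer
}

type Verifier struct { // server side: the shared secret plus the IDs accepted inside the window
	Secret []byte
	seen   map[uint64]int64 // knock ID -> timestamp carried in that knock
}

// Verify opens the packet and checks every bound field against what the server really saw on the wire.
func (v *Verifier) Verify(packet []byte, srcIP net.IP, dstPort uint16, now time.Time) (*Knock, error) {
	g := aead(v.Secret)
	ns := g.NonceSize()
	if len(packet) != ns+plainLen+g.Overhead() {
		return nil, errors.New("bad length")
	}
	pt, err := g.Open(nil, packet[:ns], packet[ns:], nil)
	if err != nil {
		return nil, errors.New("authentication failed") // wrong key, tampered, or not a knock at all
	}
	k := &Knock{Time: int64(binary.BigEndian.Uint64(pt[0:8])), ID: binary.BigEndian.Uint64(pt[8:16])}
	k.Port, k.Source = binary.BigEndian.Uint16(pt[16:18]), net.IPv4(pt[18], pt[19], pt[20], pt[21])
	// Forget IDs already too old to pass the freshness check below: bounded set, and no replay gap.
	for id, t := range v.seen {
		if now.Unix()-t > replayWindow {
			delete(v.seen, id)
		}
	}
	if age := now.Unix() - k.Time; age > replayWindow || age < -replayWindow {
		return nil, errors.New("stale knock")
	}
	if k.Port != dstPort || !k.Source.Equal(srcIP) {
		return nil, errors.New("knock bound to a different target port or source address")
	}
	if _, dup := v.seen[k.ID]; dup {
		return nil, errors.New("replayed knock")
	}
	if v.seen == nil {
		v.seen = map[uint64]int64{}
	}
	v.seen[k.ID] = k.Time
	return k, nil
}

func main() { // constructed demo: one knock accepted, then the same packet replayed
	secret, client := []byte("shared knock secret (constructed)"), net.ParseIP("203.0.113.7")
	pkt, _ := Seal(secret, 40123, client, time.Now())
	v := &Verifier{Secret: secret}
	_, first := v.Verify(pkt, client, 40123, time.Now())
	_, replay := v.Verify(pkt, client, 40123, time.Now())
	fmt.Println("first delivery:", first, "| replay:", replay) // <nil> | replayed knock
}
```

The replay set is keyed on the knock's own timestamp rather than the time of acceptance, and an ID is dropped only once that timestamp is older than the window, which is exactly when the freshness check would reject the packet anyway; expiring on acceptance time instead would let a knock stamped slightly in the future be replayed after its ID was forgotten. Two practical caveats: the source-address binding means the client must know the address the server will see, so it breaks behind NAT unless the client learns its public address first; and the time binding needs both clocks to agree to within the window. The numbered "wall knock" variant from the comment would add a sequence field to the same plaintext and have the verifier track the expected number per client.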

Return to Advanced SSH security tips and tricks