[Melbourne-pm] Knockd for Web

Simon Taylor simon at unisolve.com.au
Mon Jun 1 23:02:44 PDT 2009


scottp at dd.com.au wrote:
> ----- "Daniel Pittman" <daniel at rimspace.net> wrote:
>   
>> Given that port knocking is just another way of delivering a password
>> to the destination system, there is no security difference between it
>> and just using the password in the vast majority of cases.
>>     
>
> Sorry, this is very inaccurate, Daniel. There are many reasons for that, but here are a few:
>
> * As your port is closed - you suffer from none of the DoS attacks to your service (e.g. SSH)
> * As your port is closed - you suffer from none of the buffer overrun, or various other back door and bugs in your daemon
> * As your port is closed - you don't even look like you are there - not even a response from your IP, no scan as the ports are closed, so unless you know to attack that location, you won't even try.
>
> The knock can also even be a one-time key - obviously you need some way to know the next/time-based entry, which would not suit me.
>   

Agreed.

I have found knockd to be a tremendous tool. It's great being able to 
hide behind a public server that offers no open ports other than the one 
or two http ports you want to offer.

(And it was a talk at Melb PM - by Hamish I think - that introduced me 
to the wonders of knockd.)

Thank you Hamish!

- Simon
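Added worked example for the two points argued above (Daniel's, that a fixed knock is just a password delivered on a different channel, and Scott's, that the knock can instead be a one-time, time-based key). This is not code from the thread and not knockd's own implementation; it is a standalone server-side model of how a time-based knock sequence can be derived and verified. The secret, port range, window length and source addresses are constructed values for the demo.

```python
import hashlib
import hmac
import struct
import time

# Constructed values for the demo; a real deployment would load the secret from
# a file that both the knock daemon and the client hold (assumption, not from the thread).
SECRET = b"example-shared-secret"
KNOCK_LEN = 3                    # number of ports in one knock sequence
PORT_LO, PORT_HI = 20000, 60000  # closed-port range the knocks land on
WINDOW = 30                      # seconds per time step (TOTP-style)
MAX_GAP = 10.0                   # seconds allowed between consecutive knocks


def time_counter(now: float, window: int = WINDOW) -> int:
    """Map a timestamp to the integer time step the sequence is derived from."""
    return int(now // window)


def knock_sequence(secret: bytes, counter: int, length: int = KNOCK_LEN) -> list:
    """Derive the port sequence for one time step: HMAC-SHA256(secret, counter),
    two bytes per port, folded into the closed-port range."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_HI - PORT_LO
    return [PORT_LO + int.from_bytes(mac[2 * i:2 * i + 2], "big") % span
            for i in range(length)]


class KnockVerifier:
    """Server-side state machine: tracks each source's progress through the
    current sequence, tolerates one window of clock skew, and consumes each
    time step once so a captured sequence cannot be replayed."""

    def __init__(self, secret: bytes, now_fn=time.time):
        self.secret = secret
        self.now_fn = now_fn
        self.progress = {}   # src -> [counter, next_index, last_knock_ts]
        self.used = set()    # counters already redeemed

    def knock(self, src: str, port: int) -> bool:
        """Record one hit on a closed port. Returns True only when the source
        has completed a full, unused sequence in order and in time."""
        now = self.now_fn()
        state = self.progress.get(src)
        if state is not None and now - state[2] > MAX_GAP:
            state = None                       # too slow: start over
        if state is None:
            ctr = time_counter(now)
            for c in (ctr, ctr - 1):           # current or previous window
                if c not in self.used and knock_sequence(self.secret, c)[0] == port:
                    self.progress[src] = [c, 1, now]
                    return self._finish(src)
            self.progress.pop(src, None)
            return False
        c, idx, _ = state
        if knock_sequence(self.secret, c)[idx] != port:
            self.progress.pop(src, None)       # wrong port anywhere: reset
            return False
        self.progress[src] = [c, idx + 1, now]
        return self._finish(src)

    def _finish(self, src: str) -> bool:
        c, idx, _ = self.progress[src]
        if idx < KNOCK_LEN:
            return False
        self.used.add(c)                       # one-time: burn this step
        del self.progress[src]
        return True


def demo(start: float = 1_000_000.0) -> dict:
    """Drive the verifier with a fake clock: a sequence with a wrong middle
    port, a correct sequence, a replay of it, and a sequence knocked too slowly."""
    clock = [start]
    v = KnockVerifier(SECRET, now_fn=lambda: clock[0])
    seq = knock_sequence(SECRET, time_counter(start))
    # port 1 is below PORT_LO, so it can never be a derived knock port
    bad = [v.knock("198.51.100.8", p) for p in (seq[0], 1, seq[2])]
    good = [v.knock("198.51.100.7", p) for p in seq]
    replay = [v.knock("198.51.100.7", p) for p in seq]
    clock[0] = start + 600                     # a later, unused time step
    seq2 = knock_sequence(SECRET, time_counter(clock[0]))
    stale = [v.knock("198.51.100.9", seq2[0])]
    clock[0] += MAX_GAP + 1                    # pause longer than allowed
    stale += [v.knock("198.51.100.9", p) for p in seq2[1:]]
    return {"sequence": seq, "wrong_port": bad, "good": good,
            "replay": replay, "stale": stale}


if __name__ == "__main__":
    print(demo())
```

The verifier never answers on the knocked ports, so the only observable result is whether the firewall rule is opened afterwards; a sequence copied from the wire is useless once its time step has been redeemed, which is the property that distinguishes this from a static knock.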
