Linked by Thom Holwerda on Fri 7th Jul 2006 13:11 UTC, submitted by anonymous
Linux "The first time I saw the knockd project I liked it instantly. The idea is so simple, and yet so effective. Knockd is a port-knocking application that silently runs on a server, passively listening to network traffic. Once it sees a port sequence it has an action configured for, it will run that action. We can see this as a remote control to our server: once we hit the right button it will take the appropriate action!"
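The behaviour the quote describes (watch traffic per source, advance on each correct knock, reset on a wrong one, fire an action when the sequence completes within a time window) as a small added illustration; this is not knockd's own code, and the port numbers, timeout, action name and log lines are constructed for the example. It also shows why a sequence of consecutive ports is a poor choice: an ordinary sequential port sweep walks through it.

```python
import re
from dataclasses import dataclass

@dataclass
class KnockConfig:
    sequence: tuple   # destination ports in the required order
    timeout: float    # seconds allowed from the first knock to the last
    action: str       # what knockd would execute; here it is only returned

class KnockDetector:
    """Per-source state machine: advance on the expected port, reset otherwise."""
    def __init__(self, config: KnockConfig):
        self.cfg = config
        self.progress = {}   # src -> (stage, time_of_first_knock)

    def observe(self, src: str, dport: int, now: float):
        seq = self.cfg.sequence
        stage, started = self.progress.get(src, (0, now))
        if stage and now - started > self.cfg.timeout:
            stage = 0                      # partial sequence expired
        if dport == seq[stage]:
            if stage == 0:
                started = now
            stage += 1
        elif dport == seq[0]:
            stage, started = 1, now        # wrong knock, but it restarts the sequence
        else:
            stage = 0                      # any other port (e.g. a scanner) resets
        if stage == len(seq):
            self.progress.pop(src, None)
            return self.cfg.action
        self.progress[src] = (stage, started)
        return None

LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (\d+)$")   # "time src dport"

def run_log(config: KnockConfig, lines):
    """Replay constructed packet lines; return [(src, action)] for completed knocks."""
    det = KnockDetector(config)
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            action = det.observe(m.group(2), int(m.group(3)), float(m.group(1)))
            if action:
                hits.append((m.group(2), action))
    return hits

# Constructed traffic: a valid knock, a knock that is too slow, and a sweep of 7000-7004.
SAMPLE = ["10.0 192.0.2.10 7000", "10.4 192.0.2.10 8000", "10.9 192.0.2.10 9000",
          "20.0 192.0.2.20 7000", "31.0 192.0.2.20 8000", "32.0 192.0.2.20 9000",
          "40.0 192.0.2.30 7000", "40.1 192.0.2.30 7001", "40.2 192.0.2.30 7002",
          "40.3 192.0.2.30 7003", "40.4 192.0.2.30 7004"]
SPACED = KnockConfig((7000, 8000, 9000), 10.0, "open-ssh")
CONSECUTIVE = KnockConfig((7000, 7001, 7002), 10.0, "open-ssh")
```

With SPACED only the legitimate client triggers the action; with CONSECUTIVE the sequential sweep triggers it instead.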
but but ...
by cookieninja on Fri 7th Jul 2006 14:05 UTC
cookieninja
Member since:
2005-11-11

You don't need a special program to do that. You only have to configure the rules straight into the iptables config. This knockd thing might make it easier, but it is most certainly not essential for port knocking.

Reply Score: 2

RE: but but ...
by skx2 on Sat 8th Jul 2006 16:15 UTC in reply to "but but ..."
skx2 Member since:
2005-07-06

Agreed.

Here is a brief writeup of doing this just in iptables:

http://www.debian-administration.org/articles/268

Reply Score: 1

Security through obscurity.
by jessta on Fri 7th Jul 2006 14:44 UTC
jessta
Member since:
2005-08-17

Security through obscurity.
But obscurity is fine as long as you have actual security behind it and I'm sure it would reduce the failed hits in my ssh logs.
- Jesse McNelis

Reply Score: 2

RE: Security through obscurity.
by cookieninja on Fri 7th Jul 2006 16:01 UTC in reply to "Security through obscurity."
cookieninja Member since:
2005-11-11

The reason I started using it a while ago was for precisely that, reducing the size of the log files relating to the services I was running. Smaller log files are easier to read and spot trouble.

Problems can occur, however, when you have a large number of people trying to make use of the services hidden behind port knocking. Larger sequences are more secure, but longer sequences are also harder to remember, which means that shorter sequences tend to be preferred.

I think it's great for personal use or use by a small number of people, but not much more than that.

Reply Score: 2

so log
by hemry on Fri 7th Jul 2006 15:33 UTC
hemry
Member since:
2005-07-06

First this idea of port knocking was seen in trojans/rootkits. I wonder why it took so long to implement it for the good reasons?

Reply Score: 1

Not more secure
by Soulbender on Fri 7th Jul 2006 15:36 UTC
Soulbender
Member since:
2005-08-18

This isn't really any more secure than just disabling password logins and only using keys with ssh.
It might cut down on the failure hits in the logs, but so does simply running sshd on a different port.

Reply Score: 2

RE: Not more secure
by pojo on Sat 8th Jul 2006 04:42 UTC in reply to "Not more secure"
pojo Member since:
2005-10-05

I completely agree. I used to get all sorts of login attempts when I had SSH running on the standard port. So I moved it to a non-standard port (one well above 1024) and absolutely nobody tries to log in now. The port scanners usually don't find it because they usually only try common ports.

Port knocking is a cool idea though, and it's just one more layer that can deter a non-motivated wannabe intruder.

Reply Score: 1

RE[2]: Not more secure
by segedunum on Sat 8th Jul 2006 12:35 UTC in reply to "RE: Not more secure"
segedunum Member since:
2005-07-06

I used to get all sorts of login attempts when I had SSH running on the standard port. So I moved it to a non-standard port (one well above 1024) and absolutely nobody tries to log in now.

So did I. Of course, you can't use it as a security measure because you must secure SSH properly as you would normally do, but what it does do is stop pointless login attempts from automated attacks on port 22 and stop your logs filling up with them.

Reply Score: 1

sekret decoder ring
by mipeligro on Sat 8th Jul 2006 01:23 UTC
mipeligro
Member since:
2006-06-03

Ah, I get it now. This is a substitute for the sekret decoder ring and sekret handshakes of my youth.

Reply Score: 1

knock integration to putty clients
by whome on Sun 9th Jul 2006 09:34 UTC
whome
Member since:
2006-03-05

It would be good to have a knock sequence implemented in putty.exe client. Now I have a knock.bat script I run before starting a putty client.

if Putty session had a knock port sequence to be given...

Reply Score: 2