Ports
involved in the knock sequence are generally closed and a TCP/UDP level filter detects the
proper access sequence before opening the service port for an incoming connection from
the knocking computer. Because generic client applications are generally not capable of
performing a knock sequence, authorized users must be supplied with custom client software
or properly configured knocking software. This is the reason that port knocking is
not an appropriate protection mechanism for publicly accessible services.
One thing to keep in mind regarding port knocking is that it doesn't fix vulnerabilities
within protected services in any way; it simply makes it more difficult to reach them.
An attacker who is in a position to observe traffic to a protected server or who can
observe traffic originating from an authorized client can obtain the knock sequence and
utilize it to gain access to the protected service. Finally, a malicious insider who knows
the knock sequence will always be able to reach the vulnerable service.
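As an added illustration (not code from the book), here is the filter-side state machine the paragraphs above describe: a detector that watches dropped-packet records for the knock sequence, resets on an out-of-order knock or an expired window, and reports which source would get the service port opened for it. The sequence, window and log lines are constructed; the final source is granted access simply because it reproduces the sequence, which is the observation weakness noted above.

```python
# Hypothetical knock sequence and window; a real deployment picks its own.
KNOCK_SEQUENCE = (7000, 8000, 9000)
WINDOW_SECONDS = 10.0

class KnockDetector:
    # Per-source progress; a completed sequence is what would add the filter rule.
    def __init__(self, sequence, window):
        self.sequence = tuple(sequence)
        self.window = window
        self.state = {}  # src_ip -> (knocks matched so far, time of first knock)

    def observe(self, src_ip, dst_port, ts):
        """Feed one dropped packet; returns True when it completes the sequence."""
        progress, started = self.state.get(src_ip, (0, 0.0))
        if progress and ts - started > self.window:
            progress = 0                            # stale partial sequence starts over
        if dst_port == self.sequence[progress]:
            started = started if progress else ts   # first knock stamps the clock
            progress += 1                           # next expected knock, in order
        elif dst_port == self.sequence[0]:
            progress, started = 1, ts               # out of order: restart at knock one
        else:
            progress = 0                            # unrelated port or wrong order
        if progress == len(self.sequence):
            self.state.pop(src_ip, None)
            return True
        self.state[src_ip] = (progress, started)
        return False

# Constructed firewall-drop log lines: "<epoch> <src_ip> <dst_port>".
SAMPLE_LOG = """\
1700000000.0 10.0.0.5 7000
1700000001.0 10.0.0.9 7000
1700000001.5 10.0.0.5 8000
1700000002.0 10.0.0.9 9000
1700000002.5 10.0.0.5 9000
1700000003.0 10.0.0.9 8000
1700000004.0 10.0.0.7 7000
1700000020.0 10.0.0.7 8000
1700000021.0 10.0.0.7 9000
1700000030.0 198.51.100.4 7000
1700000031.0 198.51.100.4 8000
1700000032.0 198.51.100.4 9000
"""

def sources_granted(log=SAMPLE_LOG):
    """Sources whose knocks completed the sequence, in completion order."""
    det = KnockDetector(KNOCK_SEQUENCE, WINDOW_SECONDS)
    events = [line.split() for line in log.splitlines()]
    return [src for ts, src, port in events if det.observe(src, int(port), float(ts))]
```

10.0.0.9 knocks in the wrong order and 10.0.0.7 lets the window lapse, so neither is granted; 198.51.100.4 is, because the detector can only check knowledge of the sequence, not who is sending it.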
References
Port Knocking www.portknocking.org
M. Krzywinski, "Port Knocking: Network Authentication Across Closed Ports," SysAdmin
Magazine, 12: 12–17 (2003) www.portknocking.org
Migration
Not always the most practical solution to security problems, but sometimes the most
sensible, migration is well worth considering as a means of improving overall security.