Bad Security
Posted Mar 6, 2007 1:16 UTC (Tue) by Sutoka (guest, #43890)
In reply to: Bad Security by ldo
Parent article: Single Packet Authorization (Linux Journal)
I think the 'problem' port knocking was designed to help solve was
zero-day vulnerabilities and lists of servers with what version of certain
applications they are running.
As far as I know, most people aren't in positions to perform replay
attacks, which would greatly reduce the potential number of would-be
attackers. So when a zero-day vulnerability does appear, the chances of
your server being compromised by it would be greatly reduced. It would
also help protect against a giant botnet trying to brute-force access to
SSH.
Sure, there are holes and problems (primarily if you go with multiple
ports), but it reduces some attack vectors which can be used against the
system. Also, a simple 'Port Knocking' server should be much easier to
audit for security issues than SSH/etc or a SPA server, as well as
generally being invisible to the world.