Bad Security

Posted Mar 6, 2007 1:16 UTC (Tue) by Sutoka (guest, #43890)
In reply to: Bad Security by ldo
Parent article: Single Packet Authorization (Linux Journal)

I think the 'problem' port knocking was designed to help solve was zero-day
vulnerabilities and lists of servers with what version of certain
applications they are running.

As far as I know, most people aren't in positions to perform replay
attacks, which would greatly reduce the potential number of would-be
attackers. So when a zero-day vulnerability does appear, the chances of
your server being compromised by it would be greatly reduced. It would
also help protect against a giant botnet trying to brute-force access to
SSH.

Sure, there are holes and problems (primarily if you go with multiple
ports), but it reduces some attack vectors which can be used against the
system. Also, a simple 'Port Knocking' server should be much easier to
audit for security issues than SSH/etc or a SPA server, as well as
generally being invisible to the world.

