Posted Mar 6, 2007 15:07 UTC (Tue) by bronson
In reply to: Bad Security
Parent article: Single Packet Authorization (Linux Journal)
Well, it would be foolish to run a dictionary attack against udp:62201. There are a number of security articles demonstrating surprising success when doing the same thing against tcp:22.
In theory, practice and theory are the same. In practice, they're different. Personally, I use port knocking as a last-ditch measure if high-traffic OpenVPN goes down. It sure beats driving 300 miles to the data center.
There's little chance of a replay attack since I'll just change the knock sequence in the rare event that I actually need to knock in. Out-of-order packets just aren't a problem in practice. Port knocking makes my life easier and my /var/log/auth.logs much smaller. Don't be so quick to dismiss it because of theoretical flaws.