LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Hiding open ports with shimmer

Hiding open ports with shimmer

Posted Jan 11, 2008 19:17 UTC (Fri) by ranmachan (subscriber, #21283)
Parent article: Hiding open ports with shimmer 

How about a scheme where you would include the source IP into the crypto calculation and
derive a port knocking order which would then open the service port to the source IP?

AFAICS this would beat someone listening in (unless he can connect from the same source
address) and would make a distributed brute force attack more difficult (If you manage to
force the service open, you still have to connect within the time window from the successfull
source ip).

(Log in to post comments)

Hiding open ports with shimmer

Posted Jan 16, 2008 21:30 UTC (Wed) by salimma (subscriber, #34460) [Link] 

That sounds like a better scheme, yes. Port knocking is less vulnerable to brute-forcing, but
an eavesdropper would be able to just replay the port knocks. Making the port combination a
function of the source IP would secure it somewhat (not entirely -- you still have to
communicate the formula used to derive it!)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds