What is Port Knocking?

2

So I realized it's about sending a sequence of requests to a server in order to unlock a port.

It would then be possible through a browser to enable the port for ssh, for example:

Access servidor.com:80 then servidor:81 and then servidor:82 unlocked port 9999 (ssh) for example?

I found the concept interesting, but I had never heard of it. Is it heavily used? Are there similar alternatives?

    
asked by anonymous 21.11.2017 / 17:29

2 answers

2

What is Port Knocking?
Port Knocking is known as the act of visiting / hitting / sending data on specific ports, thus allowing another port to be opened after the sequence of correct ports have been visited.

Is it heavily used?
No, because the Port Knocking service introduces to the system several problems that would not exist, ultimately causing more disadvantages than advantages. Among the worst problems, I'll cite the Single point of failure (SPOF) , which is a problem already that most services are made to not have this kind of flaw, the Security by obscurantism problem that leads to false belief that if the attacker does not know what is attacking will have more difficulties (Note: Although some disagree, I believe it is a form of obscurantism), is easily reproduced if there is the "Man in the Middle" attack and depending on the mode is equivalent to a plaintext password .

Alternatives to Port Knocking
The main similar alternative to port knocking is the Shimmer , always keeping 16 ports online where only one is provides what you really want, all the others provide access to a "fake" service. These 16 doors change every minute, so that an attacker has to guess which door is correct and can penetrate it before the doors change again. For greater synchronization security, the previous and next minute is also considered, so there are 48 ports - only 3 of which provide the correct service.

The best alternative to port knocking is simple 2-factor authentication, which provides a real alternative to the problem that is tested and used by several technology giants.

Links to Deepening
link
link
link link

    
27.11.2017 / 04:07
1

The idea is to "hit" the right ports and in the right sequence and for this you can use even the telnet host: 1111; telnet host: 2222, telnet host: 3333 for example.

Here are some useful articles:

ArchLinux Wiki - Port knocking

How to Secure SSH Server Using Port Knocking on Ubuntu Linux

I hope to have helped, hugs!

    
22.11.2017 / 17:02