Security Basics mailing list archives
Re: Port-Knocking vulnerabilities?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 29 Dec 2007 14:28:53 +0100
On 2007-12-28 Jay wrote:
Portknocking is a security mechanism as it is a type of authentication. "Something you know" in this case the sequence of ports to knock before a unstarted service or daemon begins listening for connections.
Since everything is transmitted in the clear port-knocking is as much of a security mechanism as cleartext passwords. Technically: maybe (depending on your definition). Realistically: no. Regards Ansgar Wiechers -- "The Mac OS X kernel should never panic because, when it does, it seriously inconveniences the user." --http://developer.apple.com/technotes/tn2004/tn2118.html
Current thread:
- Port-Knocking vulnerabilities? Kappa Alpha Pi Eta (Dec 28)
- RE: Port-Knocking vulnerabilities? Tom Corelis (Dec 28)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 28)
- RE: Port-Knocking vulnerabilities? Sean Tindall (Dec 31)
- Re: Port-Knocking vulnerabilities? T. Shannon Gilvary (Dec 28)
- <Possible follow-ups>
- RE: Port-Knocking vulnerabilities? nobledark (Dec 28)
- Re: Port-Knocking vulnerabilities? Jay (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- Re: Port-Knocking vulnerabilities? Robert Inder (Dec 31)
- Re: Port-Knocking vulnerabilities? Goldstein101 (Dec 31)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- RE: Port-Knocking vulnerabilities? Tom Corelis (Dec 28)
- Re: Port-Knocking vulnerabilities? Ansgar -59cobalt- Wiechers (Dec 31)
- Re: Port-Knocking vulnerabilities? Brent Huston (Dec 31)
- RE: Port-Knocking vulnerabilities? Craig Wright (Dec 31)