Re: Port-Knocking vulnerabilities?

["Robert Inder" <robertinder () googlemail com>]

On 29/12/2007, Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> wrote:
> On 2007-12-28 Jay wrote:
> > Portknocking is a security mechanism as it is a type of
> > authentication. "Something you know" in this case the sequence of
> > ports to knock before a unstarted service or daemon begins listening
> > for connections.
>
> Since everything is transmitted in the clear port-knocking is as much of
> a security mechanism as cleartext passwords. Technically: maybe
> (depending on your definition). Realistically: no.

I think your dismissal of port knocking (and, indeed, plain text
passwords) is unrealistic.

If you can intercept my interaction with some remote server, you can
steal the relevant secrets (the password or the sequence of ports).

But isn't that quite a substantial "if"?

How are you going to do it?  Aren't you going to have to compromise
some other machine, either where I am, or where the server is (or, I
guess, where the relevant DNS records are), and then plant software to
deliberately wait and watch until a relevant interaction takes place?

I'm not saying that's impossible.  But it would take considerable
knowledge, planning and effort.

Why doesn't that make it a substantial defence against most kinds of
casual attack?

Robert.

-- 
Robert Inder        Interactive Information Ltd,            Registered
in Scotland
07808 492 213     3, Lauriston Gardens,                  Company no. SC 150689
0131 229 1052     Edinburgh EH3 9HH
                          SCOTLAND UK             Interactions speak
louder than words