Security Basics mailing list archives
Collecting data to demonstrate TCP ISN-based port knocking
From: Julian Kirsch <kirschju () sec in tum de>
Date: Thu, 15 May 2014 12:06:16 +0200
Hi all,

some of you might know a project called "Knock", which implements a variant of port-knocking in the Linux kernel that can be used to check the authenticity of arbitrary TCP connections and can even do integrity checking of the TCP payload by using a pre-shared key.

We still hope that Knock will eventually be useful for adding an extra layer of security to applications like SSH, VNC or Tor (think: bridges), but could use your help to collect data to help convince the Linux people to adopt the latest patch.

As Knock uses two fields in the TCP header in order to hide information and we explicitly want to be compatible with machines sitting in typical home networks, we need to make sure that this information doesn't get corrupted by the majority of NAT boxes out there.

We thus created a program which tests if Knock would work in your environment. It would be great if some of you were able to execute the program on your machines in order to help us get an estimate of whether Knock could one day be used on a larger scale.

You can find sources, binaries and a more elaborate description here:
https://gnunet.org/knock_nat_tester

Technical details about Knock and a (somewhat outdated) research paper as well as kernel patches are provided here:
https://gnunet.org/knock

Best,
Julian & Christian