Perl prototype: v0.30
- pcaplib support added; daemon no longer requires firewall log file
2004-Nov-14 18:59 | ...more
new Net::Pcap support added to sniff packets directly ...more
Links to related and background articles, guides, standards, documents, sites and books.
- Miklosovic S (2011) PA018 - Term Project - Port Knocking Enhancements, Faculty of Informatics, Marsaryk University
- Amir R. Khakpour, and Hakima Chaouchi, ESSTCP: Enhanced Spread-Spectrum TCP in Proc. of the 3rd International Workshop on Security in Systems and Networks (SSN'07) in conjunction with IPDPS 2007, Long Beach, CA, March, 2007.
"Having stealth and lightweight authentication methods
is empowering network administrators to shelter critical
services from adversaries. Spread-Spectrum TCP
(SSTCP)  is one of these methods by which the client
sends an authentic sequence of SYN packets to the server
for authentication. Since SSTCP have some certain
drawbacks and security flaws, we propose an enhanced
version of SSTCP (ESSTCP) which modifies the original
algorithm to reduce the computational cost and cover its
vulnerabilities from denial of service and replay attacks.
Some performance problems like time synchronization
are also resolved. We finally try to extend the
functionality of this method for different applications and
numbers of users by which ESSTCP can be performed as
a secure Remote Procedure Call (RPC)."
- Jeanquier S (2006) An Analysis of Port Knocking and Single Packet Authorization. M.Sc. Thesis (Royal Holloway, University of London).
The purpose of this thesis was to analyze the different security benefits and limitations of firewall authentication schemes such as Port Knocking and Single Packet Authorization. I also aimed to address the concept of Security through Obscurity and its relation to the concept of Port Knocking and SPA. [http://www.securethoughts.net/spa/]
- Krzywinski M (2005) Port Knocking From the Inside Out. hakin9 5.
Appears in a number of languages, including Polish as "Dostep tylko dla wtajemniczonych" [Authorized access only]. Discusses the use of sendIP/tcpdump to implement bare-bones port knocking. Doorman is described in the article as well, along with installation and usage tips.
- Rash M (2004) Combining Port Knocking and Passive OS Fingerprinting with fwknop ;login: 29:19-25
- Graham-Cumming J (2004) Practical Port Knocking. Dr. Dobb's Journal 366:51-53.
- Kunz C (2004) Horch, wer kommt von drausen rein... [Listen, who is coming in from outside] c't 14:206-208.
- Krzywinski M (2003) Port Knocking: Network Authentication Across Closed Ports [txt]. SysAdmin Magazine 12:12-17.
- Barham P et al (2002) Techniques for Lightweight Concealment and Authentication in IP Networks. Intel Research Berkeley (IRB-TR-02-009)
An early, strong academic paper that outlines essentially the same authentication mechanism as port knocking.
- Christan Borss (2001) Listserv post to Braunschweiger Linux User Group (email@example.com)
Predating the Intel group paper, Christian's post to a German LUG.
- Bradley T (2004) Good guys and bad guys are using this method to open ports. about.com
Discusses the darker side of port knocking - a feature in malaware that provides hidden back doors on compromised systems. Symantec has identified port knocking as one of new emerging trends in bot networks.
- Doyle M Implementing a Port Knocking System in C, Department of Physics, University of Arkansas
Matt's Honours Thesis describes his implementation of a port knocking client and server, written in C. Matt uses Blowfish to encrypt the knock.
- Hatch B Sniffing with Net::Pcap to stealthily managing iptables rules remotely, Hacking Linux Exposed
- Krivis S Port knocking: helpful or harmful? An exploration of modern network threats
Discusses threats due to open ports and ways to control them: tighten, watch, learn and re-tighten.
- Krzywinski M (2003) Port knocking. Linux Journal.
- Kung L, Hou JC CS397 Network System Labs Project 5: Port Knocking, Department of Computer Science, University of Illinois at Urbana Champaign
A 3rd year computer science project directed at implementing a port knocking netfilter module
- Maddock B (2004) Port Knocking: An overview of Concepts, Issues and Implementations. SANS Institute
Maddock addresses in detail benefits and limitations of port knocking. He contrasts the feature sets in current implementations and presents his views on the future of the method. The article contains a large number of references to documents that discuss port knocking, as well as various implementations.
- Martin K (2004) Click on this, you muthas
This article in The Register discusses the concept of backdoors. "Port knocking is a legitimate security concept that has been discussed on Slashdot recently, and some virus writers have started using it "secure" their own backdoors. Add port knocking capabilities to a backdoor and you get a port knocking backdoor. The power to control these things would be held in the hands of an elite few, instead of any miscreant with malformed intent, as it is today."
- Nakjang N (2003) A Practical Approach of Stealthy Remote Administration. linuxsecurity.com
A discussion of SAdoor (implementations)
- Narayanan A (2004) A critique of port knocking, NewsForge.
- Nooning T (2004) Use port knocking for a more secure method of opening ports. TechRepublic.
- Roy P (2011) Port Knocking 101. patrickroy.ca
- Roy P (2012) Defining Knocking. patrickroy.ca
- Tbonius Introduction to Port Knocking
- Tan CK Remote Server Management Using Dynamic Port Knocking and Forwarding
- Trowbridge C, (2003) An Overview of Remote Operating System Finger Printing, SANS Institute
- Whitehouse W, Yamamoto M (2004) Knock Knock, Sandstorm Enterprises
- Yarden J (2005) Use port knocking to bypass firewall rules and keep security intact
"While they add an extra layer of network security, firewalls can often inhibit the proper administration of an organization's network. How can you get past firewall rules without compromising security? One method is port knocking. Find out how port knocking works, see why some people argue that this method isn't true security, and learn why port knocking sometimes presents its own security concerns." [exerpt]
- port knocking. webopedia
- port knocking. wikipedia
- Port Knocking - A new trend for firewall administrators. TLANews.com
- Hou JC Port Knocking, Department of Computer Science, University of Illinois at Urbana Champaign
An introduction to port knocking.
- Tan CK, Meng CT Remote Server Access using Dynamic Port Knocking and Forwarding
Discusses SIG^2's implementation, which "does not rely on sending a pre-defined secret sequence of port knocks to daemon. Instead, each user has a shared password with the daemon. When user wants to connect to the server, client program will generate a random knock sequence and 'declare' them to the daemon."
- Krzywinski M Port Knocking, West Coast Security Forum, 2003
My presentation on port knocking designed for a wide audience. Here I present the method as a personalized event trigger.
- Rash M Advanced Netfilter; Content Replacement (ala Snort_inline), and Port Knocking Based on Passive OS Fingerprinting, DEFCON 12
- Rathaus N Port knocking: Beyond security
A good introductory presentation to port knocking.
- Scorpion Software Introduction to Cerberus: Port knocking with covert packets to secretly open your firewall
Dana Epp's Cerberus (implementations) is presented.
Cerberus (a) can bypass most IDS sensors as normal traffic, (b) uses typical ICMP traffic allowed by most firewalls, (c) doesn’t require special tools to craft packet sequences - can be done with ping, (d) implements one time password composed of (i) the current date and time up to the last minute (ii) system "server seed" (iii) an individual user passcode and (iv) the IP address to allow in (in dotted decimal format).
- Worth D COK: Cryptographic Port Knocking, Black Hat USA 2004
David describes his covert implementation, COK (Cryptographic One-Time Knocking) of port knocking which achieves greater resistance against replay attacks by using one time passwords. One part of the implementation is unique - a client sending covert DNS knocks, in which a DNS query OTP.domain.tld incorporates the one time password (OTP) and is processed by the knock daemon. David also discusses knocking using out-of-bound protocols.
last updated 2012-Jan-09 10:53