Knock: TCP Port Knocking Proposed For Linux Kernel

  • Knock: TCP Port Knocking Proposed For Linux Kernel

    Phoronix: Knock: TCP Port Knocking Proposed For Linux Kernel

    A "Knock" patch has been proposed for the mainline Linux kernel that would provide NAT-compatible, TCP stealthy port knocking for improved network security of Linux systems...

    http://www.phoronix.com/vr.php?view=MTU0MDQ

  • #2
    Long ago I used port knocking, but once I found OpenVPN, I'd never go back.


    • #3
      @ speculatrix

      How do you protect your OpenVPN port? :P


      • #4
        Originally posted by a2r-l:
        @ speculatrix

        How do you protect your OpenVPN port? :P
        I'd hope you don't need to.

        If you're using UDP, OpenVPN won't respond to mis-authenticated packets anyway.

        https://www.mail-archive.com/openvpn.../msg00265.html

        I've never seen someone attempt to subvert my OpenVPN server, and I run it on a standard port, so I don't even try to hide it.


        • #5
          The disadvantage of the Knock design, self-admitted, is that the TCP SYN packet's SQN is only 32 bits long and would be subject to brute-force attempts, but involving billions of network packets.
          I guess that means a DoS attack might gain access to a port protected by port knocking?
