Thread: Knock: TCP Port Knocking Proposed For Linux Kernel

  1. #1
    Join Date
    Jan 2007
    Posts
    14,829

    Phoronix: Knock: TCP Port Knocking Proposed For Linux Kernel

    A "Knock" patch has been proposed for the mainline Linux kernel that would provide NAT-compatible, TCP stealthy port knocking for improved network security of Linux systems...

    http://www.phoronix.com/vr.php?view=MTU0MDQ

  2. #2
    Join Date
    Mar 2010
    Location
    Cambridge, UK
    Posts
    71

    Long ago I used port knocking, but once I found OpenVPN, I'd never go back.

  3. #3
    Join Date
    Jan 2012
    Posts
    28

    @ speculatrix

    How do you protect your OpenVPN port? :P

  4. #4
    Join Date
    Mar 2010
    Location
    Cambridge, UK
    Posts
    71

    Originally posted by a2r-l:
        @ speculatrix

        How do you protect your OpenVPN port? :P

    I'd hope you don't need to.

    If you're using UDP, OpenVPN won't respond to mis-authenticated packets anyway.

    https://www.mail-archive.com/openvpn.../msg00265.html

    I've never seen someone attempt to subvert my OpenVPN server, and I run it on a standard port, so I don't even try to hide it.

  5. #5

    The self-admitted disadvantage of the Knock design is that the TCP SYN packet's SQN is only 32 bits long and would be subject to brute-force attempts, though involving billions of network packets.
    I guess that means a DoS attack might gain access to a port protected by port knocking?
