Announcement

Collapse
No announcement yet.

Knock: TCP Port Knocking Proposed For Linux Kernel

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Knock: TCP Port Knocking Proposed For Linux Kernel

    Phoronix: Knock: TCP Port Knocking Proposed For Linux Kernel

    A "Knock" patch has been proposed for the mainline Linux kernel that would provide NAT-compatible, TCP stealthy port knocking for improved network security of Linux systems...

    Knock: TCP Port Knocking Proposed For Linux Kernel - Phoronix
    http://www.phoronix.com/vr.php?view=MTU0MDQ
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    long ago I used port knocking, but once I found openVPN, I'd never go back.

    Comment

    • #3
      @ speculatrix

      How do you protect your OpenVPN port? :P

      Comment

      • #4
        Originally posted by a2r-l View Post
        @ speculatrix

        How do you protect your OpenVPN port? :P
        I'd hope you don't need to.

        if you're using UDP, openvpn won't respond to mis-authenticated packets anyway

        Re: [Openvpn-users] Possible to drop port scan packets?
        https://www.mail-archive.com/[email protected]/msg00265.html


        I've never seen someone attempt to subvert my openvpn server, and I run it on a standard port so don't even try and hide it.

        Comment

        • #5
          The disadvantage to the Knock design is self-admitted that the TCP SYN packet's SQN is only 32-bits long and would be subject to brute force attempts but involving billions of network packets.
          I guess that means a DoS attack might gain access to a port protected by port knocking?

          Comment

          Previous template Next
          Working...
          X