
Re: Author is dead-on

Posted by: Anonymous Coward on August 11, 2004 01:07 AM
The point is that if you can assume that a certain number of servers implement port-knocking, the 'advantage' of being undetectable is largely mitigated.

Why? The attacker would need to see your network traffic to be able to make any kind of guess as to the port-knocking sequence, even if you use a fixed one with only a handful of knocks. If even a thousand people have seen you knock on your computer, it's a reduction by a factor of a million or so, and the port knocking will have done its job well enough.

I agree with you that one has to be careful with security through obscurity, but it certainly can be used to reduce the number of possible attackers. We buy locks for our doors not because they're impossible to pick (or circumvent), but because they reduce the number of people who could do so, and the chance that they could do so undisturbed.

That said, I can't see myself playing with this 'port knocking'; it's all too likely to get stuck in firewalls or just be too hard to activate from someone else's computer.


Return to A critique of port knocking