Posted by: Jonathan Bartlett
on August 11, 2004 05:09 AM
"His point is that if port-knocking was to become widespread, attacking it would become part of the arsenal of the attacker, which would eliminate the main benefit of port-knocking (the fact that it is difficult to detect if it is in use). "
The difficult part of detection of port knocking is not _whether_ port-knocking is in use, but on which ports it is in use. A standard scan of a port-knocked server will _never_ reveal which ports are being listened to for knocking. You are essentially requiring a cleartext passphrase before even telling someone that they need a passphrase. It's an onion - an additional layer. If you rely on port-knocking for security, you're stupid - it's a plaintext password. However, port-knocking does restrict the amount of information others have about you, which makes you less of a target. It's like running LinuxPPC - it doesn't make you secure, but the likelihood of a random hacker breaking in is very small. Just by using it you have decreased your hackability a certain percentage.
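The two properties argued about above (a sequential scan learns nothing about the knock, yet the knock itself travels in the clear) can be shown with a toy model of a knock daemon. This is an added example, not code from the comment's author or from any real knock daemon; the knock sequence, the protected port and the source addresses are constructed values, and real implementations add timing windows and per-source timeouts that are left out here.

```python
"""Toy port-knocking daemon: a per-source state machine that watches inbound
SYNs to otherwise-filtered ports and opens the protected port only after the
full sequence arrives in order. Constructed example, not a real daemon."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

KNOCK_SEQUENCE = [7000, 8000, 9000]  # hypothetical secret knock, constructed
PROTECTED_PORT = 22                  # service hidden behind the knock


@dataclass
class KnockDaemon:
    sequence: List[int]
    protected_port: int
    progress: Dict[str, int] = field(default_factory=dict)
    opened_for: Set[str] = field(default_factory=set)

    def observe_syn(self, src: str, dst_port: int) -> None:
        """Feed one inbound SYN. Every knock port is filtered, so the sender
        gets no reply either way; the daemon only watches the port numbers.
        Note the 'password' is literally the dst_port field of each packet,
        which is why the comment above calls it a plaintext password."""
        step = self.progress.get(src, 0)
        if dst_port == self.sequence[step]:
            step += 1
            if step == len(self.sequence):
                self.opened_for.add(src)
                step = 0
        else:
            # Any wrong port resets the sequence (restart if it was the first knock).
            step = 1 if dst_port == self.sequence[0] else 0
        self.progress[src] = step

    def connect(self, src: str, dst_port: int) -> str:
        """Result of a real connection attempt after the SYN was observed."""
        if dst_port == self.protected_port and src in self.opened_for:
            return "open"
        return "filtered"  # dropped silently: no SYN/ACK, no RST


def scan_all_ports(daemon: KnockDaemon, src: str) -> List[int]:
    """Simulate a sequential full-range scan from one source and return the
    ports that answered. Each probe is also a (wrong) knock that resets the
    state machine, so the scanner learns neither the knock ports nor that a
    knock daemon exists at all."""
    answered = []
    for port in range(1, 65536):
        daemon.observe_syn(src, port)
        if daemon.connect(src, port) == "open":
            answered.append(port)
    return answered


def knock_then_connect(daemon: KnockDaemon, src: str, knocks: List[int]) -> str:
    """Send a knock sequence, then try the protected port."""
    for port in knocks:
        daemon.observe_syn(src, port)
    return daemon.connect(src, daemon.protected_port)


if __name__ == "__main__":
    scanner = "198.51.100.7"  # constructed address
    print("scan result:", scan_all_ports(KnockDaemon(KNOCK_SEQUENCE, PROTECTED_PORT), scanner))
    print("correct knock:", knock_then_connect(KnockDaemon(KNOCK_SEQUENCE, PROTECTED_PORT), scanner, KNOCK_SEQUENCE))
    print("wrong order:", knock_then_connect(KnockDaemon(KNOCK_SEQUENCE, PROTECTED_PORT), scanner, [8000, 7000, 9000]))
```

The model makes the comment's point concrete: the scan returns an empty list and sees the same silence on port 22 as on every other port, while the correct three-packet sequence opens it. It also shows the weakness the comment concedes: the whole secret is the three destination-port numbers, visible to anyone positioned to see the packets, so the knock is an extra layer of obscurity in front of the real authentication, not a replacement for it.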