Posted by: Anonymous Coward
on August 11, 2004 07:10 AM
As far as I am concerned this article is a joke. Port knocking is not meant to be the sole layer of security, but it can provide a nice cushion if you are on vacation while the latest exploit for X service is found and can't update your boxes.
I will cede to the authors opinion that port knocking is insecure IF the standard port for whatever service is used IF the attacker knows that port knocking is being used IF he knows the length of the knock nessecary IF he knows the available ports that knocks may be recieved on IF he can sniff your traffic/cares enough to.
But lets be serious.
If someone is that dedicated to cracking your security and are comptent the chances are they will. The basic premise behind port knocking (as I understand it)is not that it is secure, it simply makes you less of an attractive target to the 1337 skript kiddies. That being said, what's the point of this article? Don't use port knocking and then not bother to secure your services? OK, sure.
--Kevin S. leviticus [at] (Google's totally awesome mail service).com