Posted by: Anonymous Coward
on August 11, 2004 01:31 PM
Yes, I did read the article.
"...Then an attacker simply assumes that the target machine is using port knocking and proceeds to attack it. The attack succeeds with a probability of one in 10 (of what it would have been if stealth were not employed)"<nobr> <wbr></nobr>... implying that using port knocking reduces the chance of succsesful attack by 9/10ths.
How are the "one in 10" and "10%" supposed to be related? (yes, I'm aware that they are an equal probability - but they are used in two different, non-interdependent contexts).
It's like saying: "if X% of machines use port knocking, then if you try to crack such a machine, your chance of success will be reduced to X% of what it was."
Following that through to its logical conclusion: "if 100% of machines using port knocking, and you try to crack such a machine, your chance of success will be 100% of what it was (if nobody was using port knocking) - that is, if everybody used port knocking, it would have absolutely no effect on the probability of an attack being successful".