Posted by: Anonymous Coward
on August 11, 2004 10:55 PM
I don't know quite how to explain it further ... perhaps you are confusing "successful attack on port-knocking layer" with "successful total compromise of system."
No one is saying that port-knock cracking is easy, or that once you have cracked the port-knocking on a server that you are all the way in. All that is being said is this: there is some percentage that represents how effective a particular port-knock crack will be. If that percentage is 10%, then all it means is that 10% of the time the attacker will be able to get past port-knocking (and then presumably will begin work on cracking the next layer of the onion).
Now, if 50% of all the servers that the cracker wants to break into use port-knocking, then for any randomly selected server in that group the attacker will have a 5% chance that the port-knock crack will work. The other 95% of the time the port-knock crack didn't work, either because the server wasn't using port-knocking, or because the server was using it but the crack wasn't effective.