Posted by: Anonymous Coward
on August 12, 2004 12:08 AM
1) Even if 10% of hosts used port knocking, you would need to attack all hosts on the internet, have a 100% effective method of identifying a host using port-knocking, and a 100% effective method of defeating port-knocking, to have a 10% effectiveness on average of "compromising" an arbitrary machine.
2) Even then this "compromise" accomplishes very little. Using your example, i.e assuming that you knew beforehand what service port-knocking controlled (SSH), and you knew which port would be opened for the service (port 22), you now still need to attack SSH.
As an aside, the assumption that the port-knock sequences have a one-to-one match to ports is invalid. How about sequences that encode which port and which service?
This article has various other weak points, but a note on "security through obscurity".
Obscurity is not bad; security only through obscurity is undesirable, because it is not provably secure. Analogy - Best: Locked door that is hidden. Worse: Locked door that is not hidden. Worse still: Unlocked door that is hidden. Worse still: Unlocked door that is not hidden.
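The commenter's point that a knock sequence can encode which port and which service to open, rather than mapping one fixed sequence to one fixed port, worked through as an added Python example. This is not code from the original post or from the article under discussion; the knock port range (40000-40255), the one-byte-per-knock layout, the truncated-HMAC authenticator, the shared secret and the sample firewall-log events are all assumptions made for the example.

```python
import hmac
import hashlib
from collections import defaultdict

# Assumed layout: each knock is a SYN to port KNOCK_BASE + b, where b is one
# byte of the message. A sequence is five knocks: service id, port high byte,
# port low byte, then two bytes of an HMAC over (service, port) so that a
# sniffer who copies a sequence cannot re-aim it at a different port.
KNOCK_BASE = 40000
SEQ_LEN = 5
SECRET = b"example-shared-secret"  # assumed shared secret for the example


def _auth_bytes(secret: bytes, service: int, port: int) -> bytes:
    """Two bytes of HMAC-SHA256 over (service, port)."""
    msg = bytes([service, port >> 8, port & 0xFF])
    return hmac.new(secret, msg, hashlib.sha256).digest()[:2]


def encode_knock(secret: bytes, service: int, port: int) -> list:
    """Build the list of destination ports a client must knock, in order."""
    if not (0 <= service <= 255 and 1 <= port <= 65535):
        raise ValueError("service must fit one byte, port must be 1..65535")
    a0, a1 = _auth_bytes(secret, service, port)
    return [KNOCK_BASE + service, KNOCK_BASE + (port >> 8),
            KNOCK_BASE + (port & 0xFF), KNOCK_BASE + a0, KNOCK_BASE + a1]


def decode_knock(secret: bytes, ports: list):
    """Return (service, port) if `ports` is a complete, authenticated
    sequence, else None."""
    if len(ports) != SEQ_LEN:
        return None
    bs = [p - KNOCK_BASE for p in ports]
    if any(b < 0 or b > 255 for b in bs):
        return None
    service, hi, lo, a0, a1 = bs
    port = (hi << 8) | lo
    if port == 0:
        return None
    if not hmac.compare_digest(bytes([a0, a1]), _auth_bytes(secret, service, port)):
        return None
    return service, port


def scan_events(secret: bytes, events, window: float = 10.0) -> list:
    """events: iterable of (timestamp, src_ip, dst_port) connection attempts,
    e.g. parsed from a firewall log. Returns (src_ip, service, port) for every
    valid sequence a source completes within `window` seconds; knocks on
    ports outside the knock range are ignored, as a real daemon would."""
    recent = defaultdict(list)
    opened = []
    for t, src, dport in sorted(events):
        if not (KNOCK_BASE <= dport < KNOCK_BASE + 256):
            continue
        hist = recent[src]
        hist.append((t, dport))
        hist[:] = [(ts, p) for ts, p in hist if t - ts <= window]
        if len(hist) >= SEQ_LEN:
            decoded = decode_knock(secret, [p for _, p in hist[-SEQ_LEN:]])
            if decoded:
                opened.append((src, *decoded))
                hist.clear()
    return opened


def demo_events() -> list:
    """Constructed sample log: a legitimate client knocking for service 1 on
    port 22, an eavesdropper replaying that sequence with the low port byte
    changed to 23, and a client whose knocks are too slow for the window."""
    good = encode_knock(SECRET, 1, 22)
    tampered = good[:2] + [KNOCK_BASE + 23] + good[3:]
    events = [(100.0 + i, "198.51.100.7", p) for i, p in enumerate(good)]
    events += [(200.0 + i, "203.0.113.9", p) for i, p in enumerate(tampered)]
    events += [(300.0 + 60 * i, "192.0.2.4", p) for i, p in enumerate(good)]
    events.append((101.5, "198.51.100.7", 80))  # unrelated traffic in between
    return events


if __name__ == "__main__":
    for src, service, port in scan_events(SECRET, demo_events()):
        print(f"open service {service} port {port} for {src}")
```

The authenticator binds a sequence to its (service, port) payload, which is what stops the re-aiming shown by the tampered client, but it binds nothing to the source address or the time, so a sniffer who replays the exact sequence from their own address still gets the port opened for themselves; a counter or timestamp inside the authenticated message is the usual fix. That is a property of this example's layout, not a claim about any particular port-knocking implementation.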