Posted by: Anonymous
on May 21, 2008 08:52 AM
Just to add to the clarifications. The authentication/authorization data contained in an fwknop 'auth packet' is encrypted and also integrity-protected by a SHA-256 hash over the entire content of the packet, which the server stores in a hash log and checks any subsequent auth packet hashes against to detect replays. The auth packet also contains a timestamp, and if fwknop receives any packet that is older than 120 seconds (by default), that packet is silently rejected. So it helps ensure fresh, non-replayable packets.
For a detailed look at how Port Knocking and SPA work, check out http://www.securethoughts.net/spa/. For anyone interested in learning more about SPA and its usage, you are welcome to post on the Port Knocking and Single Packet Authorization Forums (http://www.securethoughts.net/forum/viewforum.php?f=6).
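The replay check described in the post (a SHA-256 digest log plus a freshness window) as an added illustration; this is not fwknop's own code, and the `"<timestamp>|<payload>"` packet layout, the in-memory digest set standing in for the server's hash log, and the assumption that the packet has already been decrypted are all constructed for the example.

```python
import hashlib

REPLAY_WINDOW_SECONDS = 120  # fwknop's default age limit, per the post above


class SpaReplayGuard:
    """Illustrative SPA replay guard (not fwknop's implementation).

    Every accepted packet's SHA-256 digest is logged; a packet whose
    digest is already in the log is a replay, and a packet whose
    embedded timestamp is older than the window is stale.
    """

    def __init__(self, max_age: int = REPLAY_WINDOW_SECONDS) -> None:
        self.max_age = max_age
        self.seen_digests: set[str] = set()  # stands in for the on-disk hash log

    def check(self, packet: bytes, now: int) -> str:
        """Return 'accept', 'replay', 'stale' or 'malformed' for one packet."""
        # Digest over the entire packet content, as the post describes.
        digest = hashlib.sha256(packet).hexdigest()
        if digest in self.seen_digests:
            return "replay"

        # Assumed (constructed) layout of the decrypted packet: "<timestamp>|<payload>".
        try:
            ts_field, _payload = packet.split(b"|", 1)
            timestamp = int(ts_field)
        except ValueError:
            return "malformed"

        # Older than the window -> silently rejected; the digest is not logged,
        # since an unaccepted packet never opened anything.
        if now - timestamp > self.max_age:
            return "stale"

        self.seen_digests.add(digest)
        return "accept"


if __name__ == "__main__":
    guard = SpaReplayGuard()
    packet = b"1000|open tcp/22"          # constructed sample packet
    print(guard.check(packet, now=1050))  # accept
    print(guard.check(packet, now=1051))  # replay
    print(guard.check(b"500|open tcp/22", now=1050))  # stale
```

Because the digest log only grows with accepted packets, an attacker who captured a packet cannot reuse it even inside the 120-second window; the window exists to bound how long the log must be retained and to reject captures that were never seen live.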