“Firewall administrators are challenged to balance flexibility
and security when designing a comprehensive rule set. A firewall
should provide protection against malfeasants, while allowing
trusted users to connect. Unfortunately, it is not always possible
to filter out the bad guys, because filtering on the basis of IP
addresses and ports does not distinguish connecting users. Bad guys
can and do come from trusted IP addresses. Open ports remain a
necessary vulnerability: they allow connections to applications but
also may turn into open doors for attack. This article presents a
new security system, termed port knocking, in which trusted users
manipulate firewall rules by transmitting information across closed
ports.”

“Briefly, users make connection attempts to sequences of closed
ports. The failed connections are logged by the server-side packet
filtering firewall and detected by a dæmon that monitors the
firewall log file. When a properly formatted knock sequence,
playing the role of the secret used in the authentication, is
received, firewall rules are manipulated based on the information
content of the sequence. This user-based authentication system is
both robust, being mediated by the kernel firewall, and
stealthy–it’s not possible to detect whether a networked machine
is listening for port knocks. Port knocking does not require any
open ports, and it can be extended to transmit any type of
information encoded in a port sequence…”
Linux Journal: Port Knocking
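To illustrate the server-side detection the abstract describes, here is an added example (not code from the Linux Journal article) that replays netfilter LOG lines and reports which source addresses completed the knock sequence in order. The syslog/iptables log format, the three-port sequence and the ten-second timeout are assumptions made for this example.

```python
import re
from datetime import datetime

# Fields of a netfilter LOG line (iptables -j LOG via syslog) that the detector
# needs. The sample lines below are constructed for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")

def parse_line(line, year=2024):
    """Return (timestamp, src_ip, dst_port), or None if the line is not a LOG entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def detect_knocks(lines, sequence, max_gap=10.0):
    """Replay log lines; return the sources that completed `sequence` in order.
    A correct port advances a source one step; a wrong port, or a pause longer
    than max_gap seconds between knocks, resets that source to the start."""
    progress = {}  # src -> (index of next expected port, time of last knock)
    opened = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, port = parsed
        idx, last = progress.get(src, (0, ts))
        if (ts - last).total_seconds() > max_gap:
            idx = 0
        idx = idx + 1 if port == sequence[idx] else (1 if port == sequence[0] else 0)
        if idx == len(sequence):
            opened.append(src)  # a real daemon would insert the firewall rule here
            idx = 0
        progress[src] = (idx, ts)
    return opened

KNOCK_SEQUENCE = (7000, 8000, 9000)
SAMPLE_LOG = [  # constructed: one full knock, one wrong order, one too slow
    "Mar  1 12:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP SPT=40001 DPT=7000",
    "Mar  1 12:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP SPT=40002 DPT=8000",
    "Mar  1 12:00:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP SPT=40003 DPT=9000",
    "Mar  1 12:00:04 gw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.1 PROTO=TCP SPT=5001 DPT=9000",
    "Mar  1 12:00:05 gw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.1 PROTO=TCP SPT=5002 DPT=8000",
    "Mar  1 12:00:06 gw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.1 PROTO=TCP SPT=5003 DPT=7000",
    "Mar  1 12:00:07 gw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.1 PROTO=TCP SPT=6001 DPT=7000",
    "Mar  1 12:00:08 gw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.1 PROTO=TCP SPT=6002 DPT=8000",
    "Mar  1 12:00:30 gw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.1 PROTO=TCP SPT=6003 DPT=9000",
]
```

Only the first source opens anything: the second knocks the right ports in the wrong order, and the third pauses 22 seconds before its last knock, which the timeout treats as a fresh, incomplete attempt.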