Bob: ...Knock, knock.
Alice: Who's there?
Bob: Port 2000, Port 14979, Port 56743, Port 1984.
Alice: Well come on in!
Most geeks would have got the clue from the characters' names (Alice, Bob) that this somehow relates to security. And a few of the up-to-date geeks would have known instantly that I was talking about "Port Knocking". Hence the name of the blog, where "Port" in French means "Door" in English :-)
This in itself is not a new concept and definitely not the best way to protect yourself from incoming connections. But it adds an extra shell of security around your computer's ports. Oh, and this is definitely not for use on public-facing ports. Announcing the sequence to the public kind of destroys the concept.
It basically expects an incoming connection from a "friend" of the user who knows the sequence of knocks. A logging daemon monitoring the ports identifies the knocks and opens the protected port only after the full sequence has arrived. It can also be made time dependent, and other bells and whistles, like multiple knock sequences each unlocking a different port/service, can be attached too.
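As an added illustration (not code from the original post or from any real port-knocking daemon), here is the core of that logging daemon's decision logic in Python: it reads constructed firewall-style drop lines, tracks each source's progress through the sequence from the dialogue above, and only reports a source as "let in" when all four knocks arrive in order within a time window. The log format and the 10-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Knock sequence from the dialogue above; the time window is an assumption.
KNOCK_SEQUENCE = [2000, 14979, 56743, 1984]
KNOCK_WINDOW = timedelta(seconds=10)

# Constructed log format (assumption): "<ISO timestamp> DROP SRC=<ip> DPT=<port>"
LOG_RE = re.compile(r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DPT=(?P<port>\d+)$")

# Constructed sample log: 10.0.0.5 knocks correctly while another host is
# interleaved; 192.0.2.9 knocks the right ports but too slowly.
SAMPLE_LOG = """\
2004-02-01T10:00:00 DROP SRC=10.0.0.5 DPT=2000
2004-02-01T10:00:01 DROP SRC=10.0.0.5 DPT=14979
2004-02-01T10:00:02 DROP SRC=192.0.2.9 DPT=2000
2004-02-01T10:00:03 DROP SRC=10.0.0.5 DPT=56743
2004-02-01T10:00:04 DROP SRC=10.0.0.5 DPT=1984
2004-02-01T10:00:20 DROP SRC=192.0.2.9 DPT=14979
2004-02-01T10:00:21 DROP SRC=192.0.2.9 DPT=56743
2004-02-01T10:00:22 DROP SRC=192.0.2.9 DPT=1984
""".splitlines()

def parse_line(line):
    """Return (timestamp, source, port) for a recognised line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["port"])

def find_completed_knocks(lines, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
    """Return (source, completion time) for each source that sends the whole
    sequence in order, each knock within `window` of the previous one.
    Progress is kept per source; a wrong port or a late knock resets it."""
    progress = {}   # source -> (index of next expected knock, time of last knock)
    opened = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                       # ignore lines that are not knocks
        ts, src, port = rec
        idx, last = progress.get(src, (0, None))
        if last is not None and ts - last > window:
            idx = 0                        # too slow: start over
        if port == sequence[idx]:
            idx += 1                       # correct next knock
        elif port == sequence[0]:
            idx = 1                        # wrong knock, but a fresh start
        else:
            idx = 0                        # wrong knock: reset
        if idx == len(sequence):
            opened.append((src, ts))       # full sequence: daemon would open the port
            idx = 0
        progress[src] = (idx, ts)
    return opened
```

Because state is per source, an unrelated host scanning the same ports in between does not disturb a genuine knocker, and a correct sequence spread over longer than the window is rejected.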
Kind of reminds me of the Harry Potter novels, where wizards tap a sequence of bricks to get through to Diagon Alley. Or those classic movies where thieves and detectives use a musical way of knocking on the door.
Where are they to be used?
Obviously on any non-public port. I think it is a good candidate for use in P2P architectures like Gnutella, Kazaa, etc. But I seriously doubt it will be used for announcing tracker files in BitTorrent. (What is BitTorrent).
For further info follow this path:
www.portknocking.org