 From:  "Don Gray" <don at netcaliber dot com>
 To:  "m0n0wall List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Port Knocking?
 Date:  Sun, 8 Feb 2004 09:31:23 -0800
Thanks for all the input!  First I should say I didn't mean to add this to
Manuel's "to-do list"...he's busy enough.  I just thought the idea was
interesting and thought discussion might be appropriate should this method
ever become viable in the network world.

I manage a few networks remotely and the advantage I see to Port Knocking is
the ability to cloak the network from script-kiddies and such.  I have
nightmares that I missed a patch for SSH or TS every time I see a portscan in
the firewall logs.  I realize port knocking is susceptible to sniffing and
man-in-the-middle attacks but wouldn't this only be pertinent from an
insecure network or a compromised border router?  I've also heard the
arguments in the "obscurity isn't security" debate but I'm of a mind that
any layer you can add to protect your resources (as long as you can live
with the complexity it adds) is good.

Overall I like the idea of PK but think the implementation needs more
brainstorming and maturity.
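To make the sniffing and replay concern in the message above concrete, here is an added example (not from the original post, and not m0n0wall code) that simulates a knock listener in two configurations: the classic fixed knock sequence, which anyone who captured the packets can repeat, and a sequence derived per source address and per 30-second window from an HMAC over a shared secret, which a captured sequence no longer reproduces once the window has passed. All port numbers, addresses, the secret and the window length are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed values for the simulation; none of these describe a real deployment.
STATIC_SEQUENCE = (7000, 8000, 9000)   # classic fixed knock sequence
KNOCK_TIMEOUT = 10.0                   # seconds allowed between consecutive knocks
PORT_LOW, PORT_HIGH = 10000, 60000     # range that derived knock ports are drawn from


class KnockListener:
    """Tracks how far each source address has progressed through its expected sequence."""

    def __init__(self, expected_for):
        # expected_for(src, now) -> tuple of ports the source must hit, in order
        self.expected_for = expected_for
        self.progress = {}   # src -> (index of next expected knock, time of last knock)
        self.opened = set()  # sources for which the door has been opened

    def knock(self, src, port, now):
        """Register one knock; return True only when the sequence completes."""
        seq = self.expected_for(src, now)
        idx, last = self.progress.get(src, (0, now))
        if now - last > KNOCK_TIMEOUT:       # too slow: the attempt starts over
            idx = 0
        if port == seq[idx]:
            idx += 1
        else:                                # wrong port resets the attempt,
            idx = 1 if port == seq[0] else 0 # but a fresh first knock may begin one
        if idx == len(seq):
            self.opened.add(src)
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, now)
        return False


def derived_sequence(secret, src, now, window=30, length=3):
    """Derive a knock sequence bound to (source address, time window) via HMAC-SHA256.

    A real daemon would also accept the previous window to tolerate clock skew.
    """
    window_id = int(now // window)
    msg = f"{src}|{window_id}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    span = PORT_HIGH - PORT_LOW
    ports = []
    for i in range(length):
        chunk = int.from_bytes(digest[2 * i:2 * i + 2], "big")
        ports.append(PORT_LOW + chunk % span)
    return tuple(ports)


def send_sequence(listener, src, ports, now):
    """Deliver knocks in order at time `now`; return whether the final knock opened the door."""
    opened = False
    for p in ports:
        opened = listener.knock(src, p, now)
    return opened


def replay_outcomes(secret=b"constructed-shared-secret"):
    """Compare the two designs against a passive observer who captured one valid sequence."""
    t0 = 1_000_000.0
    client, observer = "10.0.0.5", "10.0.0.9"   # constructed addresses

    # Fixed sequence: the observer replays exactly what it saw and is let in.
    static = KnockListener(lambda src, now: STATIC_SEQUENCE)
    send_sequence(static, client, STATIC_SEQUENCE, t0)
    static_replay = send_sequence(static, observer, STATIC_SEQUENCE, t0 + 5)

    # Derived sequence: the client's own knocks work in their window, but the
    # captured sequence fails when replayed after the window has rolled over.
    derived = KnockListener(lambda src, now: derived_sequence(secret, src, now))
    captured = derived_sequence(secret, client, t0)
    derived_live = send_sequence(derived, client, captured, t0)
    derived_replay = send_sequence(derived, client, captured, t0 + 60)

    return {
        "static_replay": static_replay,
        "derived_live": derived_live,
        "derived_replay": derived_replay,
    }


if __name__ == "__main__":
    print(replay_outcomes())
```

The derived design only narrows the replay window; it does not address an observer positioned on the same path who can act within the live window, which is the "insecure network or compromised border router" case the message raises, so it complements rather than replaces keeping the services behind the door patched.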