Talk:Port knocking

From Wikipedia, the free encyclopedia

Comment on "a set of prespecified closed ports"
The client can fetch the current time and date from any public realtime service, calculate a 128-bit hash with this number and a secret word known both to the client and the knock server, and use the result as a sequence of ports to knock. The knock server checks the received sequence against the same or any other reliable time server. This way the knocking sequence is going to be unique for every session and cannot be easily replicated by an adversary.
Larytet
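The time-based scheme sketched above, written out as an added example (not code from the original discussion or from any port-knocking project). It assumes a 30-second time step, a four-port sequence, and HMAC-SHA256 truncated to 128 bits standing in for "a hash of the time and the secret"; the server tolerates one step of clock skew, so a captured sequence stops validating once its window has passed.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30                 # assumed time step; clocks need only agree this closely
KNOCK_LENGTH = 4                    # assumed number of ports per knock sequence
PORT_LOW, PORT_HIGH = 1024, 65535   # knocks drawn from the unprivileged port range


def knock_sequence(secret, unix_time):
    """Derive the port sequence valid for the time window containing unix_time.

    The client obtains unix_time from a time service (time.time() or NTP);
    the server derives the same sequence from its own trusted clock.
    """
    window = unix_time // WINDOW_SECONDS
    # HMAC-SHA256 over the window counter, truncated to 128 bits (16 bytes).
    digest = hmac.new(secret, struct.pack(">Q", window), hashlib.sha256).digest()[:16]
    span = PORT_HIGH - PORT_LOW + 1
    ports = []
    for i in range(KNOCK_LENGTH):
        # Each port consumes 4 bytes of the 16-byte digest.
        value = int.from_bytes(digest[4 * i:4 * i + 4], "big")
        ports.append(PORT_LOW + value % span)
    return ports


def verify_knock(secret, received, server_time, skew_windows=1):
    """Server side: accept if the sequence matches the current window or a neighbour.

    A sequence sniffed earlier is rejected as soon as its window falls outside
    the skew tolerance, which is the replay protection the scheme relies on.
    Port numbers travel in the clear, so a plain comparison is sufficient here.
    """
    for offset in range(-skew_windows, skew_windows + 1):
        candidate = knock_sequence(secret, server_time + offset * WINDOW_SECONDS)
        if list(received) == list(candidate):
            return True
    return False


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"   # constructed sample value
    T0 = 1700000010                         # constructed timestamp, start of a window
    seq = knock_sequence(SECRET, T0)
    print("knock ports:", seq)
    print("valid now:   ", verify_knock(SECRET, seq, T0 + 29))
    print("valid +60s:  ", verify_knock(SECRET, seq, T0 + 60))   # replayed too late
```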

Still prone to man-in-the-middle attacks

Why don't you use OpenVPN or IPsec?

What's that got to do with anything?

Man-in-the-middle attacks have nothing to do with port knocking. Port knocking is an access control method for individual ports. If those ports are plaintext POP3 or public-key SSH, port knocking doesn't care. Preventing man-in-the-middle attacks has nothing to do with port knocking. If you don't want people sniffing your connection and opening ports, then use an encrypted port knock. Even with a simple port knock, it's only the underlying protocol that needs to be protected against man-in-the-middle attacks.

--212.159.12.218 13:25, 12 January 2006 (UTC)

Earlier publication

It would be nice if you could also cite the announcement and public discussion about this topic on the mailing list of the "Braunschweiger Linux User Group":

http://www.lk.etc.tu-bs.de/lists/archiv/lug-bs/2001/msg05734.html

I didn't use the term "port knocking", but it's exactly the same method and it was published about a year before the earliest article that is mentioned on portknocking.org.

As this is my own work, I don't want to edit the port knocking article myself, but would like to ask you to decide if it's relevant or not.


Christian Borss