Home page logo

basics logo Security Basics mailing list archives

RE: Port-Knocking vulnerabilities?
From: <nobledark () hushmail com>
Date: Fri, 28 Dec 2007 13:36:52 -0500

Have a look at this article:


I believe that it goes over some of the problems of traditional 
port-knocking and provides info on how SPA resolves the issue.

 - Nd

On Fri, 28 Dec 2007 13:20:40 -0500 Tom Corelis 
<tomc () targetbilling com> wrote:
I suppose you could do two successive port scans and hope the 
completes before the port-knockers' threshold..... 

Tom Corelis

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com]
On Behalf Of Kappa Alpha Pi Eta
Sent: Friday, December 28, 2007 7:12 AM
To: security-basics () securityfocus com
Subject: Port-Knocking vulnerabilities?

Hi listers.

so I read this thread about port-knocking (altough called 
firewalls"). I'd never heard of that and found that to be an very
interesting mechanism. Now I just keep wondering, what an attacker 
possibly do to intrude system secured in such a way. So there are 
open ports at all, also, there's no way the attacker could access 
computer physically or via social engineering. The attacker knows 
that a
knock-server is running and that there's some daemon waiting to 
accessible (what ever that may be).
What could a attacker do to somehow get access to that machine? 
And how
can I secure that machine from that kind of attacks.

Thanks in advance,
Express yourself instantly with MSN Messenger! Download today it's 

Click for free information on court reporter careers, $100 per hour potential.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]