BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] port-knocking

Subject: [Discuss] port-knocking
From: tmetro+blu at gmail.com (Tom Metro)
Date: Wed, 27 Mar 2013 18:48:45 -0400
In-reply-to: <54B8A71EBF5006965C91C9F0@belldandy.lns.mit.edu>
References: <CADdmjq_jPJ8j6mJVzm2T8Tz6tZPF=cM5rPK7xZAA3gmwJTw-PQ@mail.gmail.com> <5150CE85.9010803@gmail.com> <CADdmjq-tn4x6tT+mRUxv_Km92sNrDsSce5UPX_aMSGieNDFzcQ@mail.gmail.com> <5151B65A.30107@blu.org> <6FE60F8A-B262-40D7-89A8-F2660C74CB66@gmail.com> <CADdmjq-2tr0SLuaOV3fc6S6GSQrdrZXfz2_5Sy8X8MgrgkCDXA@mail.gmail.com> <D1B1A95FBDCF7341AC8EB0A97FCCC4772C965B0C@SN2PRD0410MB372.namprd04.prod.outlook.com> <54DB539F0A2C293772BBDCF8@belldandy.lns.mit.edu> <20130327171346.GE20137@dragontoe.org> <51534868.9000703@horne.net> <54B8A71EBF5006965C91C9F0@belldandy.lns.mit.edu>

Rich Pieri wrote:
> Bill Horne wrote:
>> When combined with port-knocking, having a non-standard port for a
>> service like ssh is an effective means of preventing port-scanning
>> attacks.
> 
> It also makes you vulnerable to denial of service.

Are you asserting that port knocking makes you more vulnerable to DoS
attacks? I'm not following your logic.

While I can imagine some implementations of port knocking, where failed
knock sequences shut down a service, there are certainly other
implementations where that is not the case.

Can you clarify what you meant?

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

Follow-Ups:
- [Discuss] port-knocking
  - From: richard.pieri at gmail.com (Rich Pieri)

References:
- [Discuss] DNS question about DNSENUM.PL
  - From: omegahalo at gmail.com (Chris O'Connell)
- [Discuss] DNS question about DNSENUM.PL
  - From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] DNS question about DNSENUM.PL
  - From: omegahalo at gmail.com (Chris O'Connell)
- [Discuss] DNS question about DNSENUM.PL
  - From: gaf at blu.org (Jerry Feldman)
- [Discuss] DNS question about DNSENUM.PL
  - From: abreauj at gmail.com (John Abreau)
- [Discuss] DNS question about DNSENUM.PL
  - From: omegahalo at gmail.com (Chris O'Connell)
- [Discuss] DNS question about DNSENUM.PL
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] DNS question about DNSENUM.PL
  - From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] DNS question about DNSENUM.PL
  - From: invalid at pizzashack.org (Derek Martin)
- [Discuss] DNS question about DNSENUM.PL
  - From: bill at horne.net (Bill Horne)
- [Discuss] DNS question about DNSENUM.PL
  - From: richard.pieri at gmail.com (Rich Pieri)

Prev by Date: [Discuss] Security through obscurity
Next by Date: [Discuss] pseudo-off-site backup
Previous by thread: [Discuss] security through obscurity
Next by thread: [Discuss] port-knocking
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org