Collecting data to demonstrate TCP ISN-based port knocking

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Collecting data to demonstrate TCP ISN-based port knocking

Julian Kirsch
Hash: SHA1

Hi all,

some of you might know a project called "Knock", which implements
a variant of port-knocking in the Linux kernel that can be used to
check the authenticity of arbitrary TCP connections and even can do
integrity checking of the TCP payload by using a pre-shared key.

We still hope that Knock will be eventually useful for adding an extra
layer of security to applications like SSH, VNC or Tor (think:
bridges), but could use your help to collect data to help convince the
Linux people to adopt the latest patch.

As Knock uses two fields in the TCP header in order to hide information
and we explicitly want to be compatible with machines sitting in
typical home networks, we need to make sure that this information
doesn't get corrupted by the majority of NAT boxes out there. We thus
created a program which tests if Knock would work in your environment.
It would be great if some of you were able to execute the program on
your machines in order to help us to get an estimation of if Knock one
day could be used in a larger scale.

You can find sources, binaries and a more elaborate description here:
Technical details about Knock and a (somewhat outdated) research paper
as well as kernel patches are provided here:

Julian & Christian
Version: GnuPG v1


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.;4175;25;1371;0;5;946;e13b6be442f727d1