port knocking only for ssh port?
Hi!
on the port knocking web site it says:

Quote:
Just to elaborate a bit about port knocking first. Port knocking is a technique which can be used by a server to respond only if there's a specific sequence of packets hitting a port. I remember testing out a trojan called Sadoor which used port knocking.

A hacker would install the Sadoor server on a machine. However, it would respond only if the Sadoor client, which obviously the hacker has in this case, sends packets in a predefined order. So for e.g. you could configure Sadoor to give you a shell only if it received:

Code:
a) TCP packets from port 25

So if you apply it to a real world scenario, port knocking on say port 80 would be a big pain as you said coz all your users would need to know what packets to construct and send, which is impractical ;) . Regarding your hiding the ssh port, I guess it'll be possible, but how would you do it? You'll need to somehow tell sshd that it shouldn't directly accept requests made by a normal ssh client. It must listen for the proper port knocking sequence and allow an ssh client in only if this is true. I'm pretty sure you will need to write a bit of code independently and have ssh call it before it responds to your request, or modify the code for sshd itself. Neither of these is very practical or really needed, as there are better methods of locking down / controlling access to SSH. If there's any other way to do it without writing any fresh code I'd be glad to hear it. You might also want to look at Sadoor and its excellent documentation for an even better understanding.

Cheers
Arvind
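To make the "respond only to a predefined packet sequence" idea concrete, here is an added example (not Arvind's code, nor Sadoor's) of the server-side state machine a knock daemon keeps: it watches connection attempts per source address and opens access only after the ports in KNOCK_SEQUENCE are hit in order within a time window. The sequence, window and packet log are constructed for illustration; the post's example keys on source port, this one keys on destination port, but the matching logic is the same.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed knock sequence (assumption, not from the post): the client must
# hit these destination ports in order, each knock within KNOCK_WINDOW seconds.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_WINDOW = 10.0


@dataclass
class KnockState:
    index: int = 0        # how many knocks of the sequence this source has completed
    last_time: float = 0.0


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.states: Dict[str, KnockState] = {}
        self.allowed: Set[str] = set()   # sources that may now reach the real service

    def observe(self, src: str, dst_port: int, ts: float) -> bool:
        """Feed one observed connection attempt (source, destination port, time).
        Returns True only when this knock completes the full sequence."""
        st = self.states.setdefault(src, KnockState())
        if st.index > 0 and ts - st.last_time > self.window:
            st.index = 0                       # too slow: the partial sequence expires
        if dst_port == self.sequence[st.index]:
            st.index += 1
            st.last_time = ts
            if st.index == len(self.sequence):
                self.allowed.add(src)
                st.index = 0
                return True
            return False
        # Wrong port resets progress; a hit on the first port restarts the sequence.
        st.index = 1 if dst_port == self.sequence[0] else 0
        st.last_time = ts
        return False

    def is_allowed(self, src: str) -> bool:
        return src in self.allowed


def run_demo() -> Dict[str, bool]:
    """Replay a constructed packet log: one correct knocker, one wrong order, one too slow."""
    d = KnockDaemon()
    events: Tuple[Tuple[str, int, float], ...] = (
        ("10.0.0.5", 7000, 1.0), ("10.0.0.5", 8000, 2.0), ("10.0.0.5", 9000, 3.0),
        ("10.0.0.9", 7000, 1.0), ("10.0.0.9", 9000, 2.0), ("10.0.0.9", 8000, 3.0),
        ("10.0.0.7", 7000, 1.0), ("10.0.0.7", 8000, 20.0), ("10.0.0.7", 9000, 21.0),
    )
    for src, port, ts in events:
        d.observe(src, port, ts)
    return {src: d.is_allowed(src) for src in ("10.0.0.5", "10.0.0.9", "10.0.0.7")}
```

A real daemon would feed observe() from firewall logs or a packet capture and, on True, insert a firewall rule admitting that source to the protected port; the state machine above is the part that is easy to get wrong (no timeout, no reset on a bad knock).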