Port Knocking and Single Packet Authorization: Practical Deployments

Presented at The Last HOPE (2008), July 19, 2008, 4 p.m. (60 minutes)

Port Knocking and its big brother, Single Packet Authorization (SPA), can provide a robust additional layer of protection for services such as SSH, but there are many competing Port Knocking and SPA implementations. This talk will present practical usages of fwknop in Port Knocking and SPA modes, and discuss what works and what doesn't from a protocol perspective. Integration points for both iptables and ipfw firewalls on Linux and FreeBSD systems will be highlighted, and client-side support on Windows will be demonstrated. Finally, advanced functionality such as inbound NAT support for authenticated connections, sending SPA packets over the Tor anonymity network, and covert channel usages will be discussed. With SPA deployed, anyone scanning for a service with Nmap cannot even tell that it is listening, let alone target it with an exploit (zero-day or not).
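The protocol properties the abstract alludes to (one authenticated packet, a default-drop firewall that never answers, replay and freshness checks before a rule is opened) are easier to reason about with a concrete exchange in front of you. The following is an added illustration written for this page, not fwknop's code or wire format: it uses a stand-in HMAC-based keystream because the Python standard library has no AES, a constructed shared secret, and a JSON request body, all of which are assumptions of the example rather than anything fwknop does. The server returns the iptables rule it would install instead of executing it, so the block runs offline.

```python
import hashlib
import hmac
import json
import os
import struct
import time

# Constructed demo secret; a real deployment uses a long random key shared
# out of band (fwknop uses Rijndael or GnuPG keys in that role).
SHARED_SECRET = b"constructed-demo-secret-do-not-deploy"

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master: bytes):
    """Split one shared secret into independent encryption and MAC keys."""
    enc = hmac.new(master, b"spa-enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"spa-mac", hashlib.sha256).digest()
    return enc, mac


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-style XOR with an HMAC-SHA256 keystream (assumed stand-in for AES)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_spa_packet(master: bytes, allow_ip: str, proto: str, port: int, now=None) -> bytes:
    """Client side: the single datagram is nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(NONCE_LEN)  # fresh per packet: this is the replay defence
    request = {"ts": int(now if now is not None else time.time()),
               "ip": allow_ip, "proto": proto, "port": port}
    body = nonce + keystream_xor(enc_key, nonce, json.dumps(request).encode())
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag


class SpaServer:
    """Server side: passively sees the packet, validates it, then opens the firewall.

    The firewall is assumed to start from a default-drop INPUT policy
    (iptables -P INPUT DROP), so an unauthorised Nmap probe gets no reply.
    """

    def __init__(self, master: bytes, allowed=(("tcp", 22),), window=30, ttl=30):
        self.enc_key, self.mac_key = derive_keys(master)
        self.allowed = set(allowed)  # services the operator agreed to expose
        self.window = window         # seconds of clock skew tolerated
        self.ttl = ttl               # seconds the ACCEPT rule stays in place
        self.seen = set()            # replay cache of nonces already honoured

    def validate(self, packet: bytes, now=None):
        """Return (accepted, reason, iptables_rule). The server never replies."""
        now = now if now is not None else time.time()
        if len(packet) <= NONCE_LEN + TAG_LEN:
            return False, "too short", None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # 1. Authenticate before touching the ciphertext, in constant time.
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad mac", None
        nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
        # 2. Replay: a sniffed packet must not reopen the port a second time.
        if nonce in self.seen:
            return False, "replay", None
        try:
            req = json.loads(keystream_xor(self.enc_key, nonce, ct))
        except ValueError:
            return False, "undecodable", None
        # 3. Freshness bounds how long a captured packet stays useful.
        if abs(now - req["ts"]) > self.window:
            return False, "stale", None
        # 4. Policy: only the services the server was configured to open.
        if (req["proto"], req["port"]) not in self.allowed:
            return False, "not permitted", None
        self.seen.add(nonce)
        rule = (f"iptables -I INPUT -s {req['ip']} -p {req['proto']} "
                f"--dport {req['port']} -j ACCEPT  # remove after {self.ttl}s")
        return True, "ok", rule


if __name__ == "__main__":
    server = SpaServer(SHARED_SECRET)
    pkt = build_spa_packet(SHARED_SECRET, "203.0.113.7", "tcp", 22)
    print(server.validate(pkt))   # accepted, rule text
    print(server.validate(pkt))   # same packet again: rejected as a replay
```

Two things worth noting in the server order: the MAC is checked before anything is decrypted, so a forged or bit-flipped packet costs one HMAC and leaks nothing, and the nonce cache plus the timestamp window are what turn a passively captured SPA packet into a dead one. Neither check requires the server to send a byte back, which is why the protected port stays invisible to a scanner.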


Presenters:

  • Michael Rash
    Michael Rash holds a master's degree in applied mathematics with a concentration in computer security from the University of Maryland. He is the founder of cipherdyne.org, an organization dedicated to open source security software for Linux systems, and works professionally as a security architect for the Dragon IDS/IPS for Enterasys Networks. He is the author of the book Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort published by No Starch Press and is a frequent speaker at computer security conferences.
