Simple port knocking method against TCP replay attack and port scanning / Mohd Azuan Mohamad Alias
Port knocking is technique first introduce in the Black Hat to prevent attackers from discovering and exploiting potentially vulnerable service on a network host, while allowing authenticated users to access these service. Despite being potentially useful tool, it suffers various vulnerabilities suc...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2012
|
| Online Access: | https://ir.uitm.edu.my/id/eprint/63972/1/63972.PDF https://ir.uitm.edu.my/id/eprint/63972/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Port knocking is technique first introduce in the Black Hat to prevent attackers from discovering and exploiting potentially vulnerable service on a network host, while allowing authenticated users to access these service. Despite being potentially useful tool, it suffers various vulnerabilities such as TCP replay, port scanning and etc. Most work in this area is proposed complex method to harden port knocking. This study presents an improved scheme over the existing Port Knocking by employ the Source Port sequences that will simplify a technique for port knocking system. Source port usually was automatic generate by operating system. Source Port is preassign to generate a sequence. A technique to control when certain service start and stop was introduced to mitigate problem with TCP replay attack and port scanning. In addition, a proposed method doesn't need to integrate with firewall like other port knocking method. Experiment indicates that packet capture was able to grab port sequence but doesn't define what the service request is. In term of performance, proposed method work faster than others method like Basic port knocking and Fwknop + SPA. The performance of the proposed method was evaluated by measuring the authentication time to knock the server. The proposed port knocking method was useful to system administrators who need to access the server remotely but has a strict firewall rules. |
|---|