Attacks on Port Knocking Authentication Mechanism
Research in authentication mechanisms has led to the design and development of new schemes. The security provided by these procedures must be reviewed and analyzed before they can be widely used. In this paper, we analyze some weaknesses of the port knocking authentication method that makes it vulnerable to many attacks. We will present the NAT-Knocking attack, in which an unauthorized user can gain access to the protected server just by being in the same network than an authorized user. We will also discuss the DoS-Knocking attack, which could lead to service disruptions due to attackers “knocking” on many ports of the protected server. Finally, we will review further implementation issues.
KeywordsSource Address Authentication Mechanism Network Address Translation Network Address Service Port
Unable to display preview. Download preview PDF.
- 1.Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed. J. Wiley & Sons, Chichester (2001)Google Scholar
- 2.Claerhout, B.: http://cs.ecs.baylor.edu/~donahoo/NIUNet/hacking/hijack/
- 3.Knowles, D., Perriot, F., Szor, P.: W32.Blaster.Worm Report. Symantec Security Response (2003)Google Scholar
- 4.Krzywinski, M.: Port Knocking: Network Authentication Across Closed Ports. SysAdmin Magazine 12, 12–17 (2003)Google Scholar
- 5.Narayanan, A.: A critique of Port Knocking NewsForge, August 8 (2004), http://software.newsforge.com/software/04/08/02/1954253.shtml
- 6.Schneier, B.: Port Knocking. Crypto-Gram Newsletter, March 15 (2004), http://www.schneier.com/crypto-gram-0403.html#5
- 7.Srisuresh, P., Egevang, K.: Traditional IP Network Address Translator (Traditional NAT). RFC 3022 (2001)Google Scholar
- 8.Wheeler, D., Needham, R.: TEA, a Tiny Encryption Algorithm. Fast Software Encryption, 363–366 (1994)Google Scholar
- 9.Worth, D.: CÖK - Cryptographic One-Time Knocking. BlackHat (2004)Google Scholar
- 10.Yan, J., Blackwell, A., Anderson, R., Grant, A.: The Memorability and Security of Passwords. Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge (2000)Google Scholar