LinuxBSDos logo
Please enter CoinGecko Free Api Key to get this plugin works.

Partner links

Knock: A Linux kernel patch for NAT-compatible, stealthy port knocking

Linux

A Linux kernel patch that “implements a new NAT-compatible, TCP option for stealthy port knocking with a few new twists for improved security” has been released.

Port knocking is a security implementation that’s designed to reduce the visibility of TCP servers on the network. A good port knock tool renders TCP servers stealthy, making them invisible to port scanners.

The point of a port knock tool is to make TCP servers respond to TCP SYN request only after a pre-defined sequence of packets have been sent and received. It’s like having a club house whose doors open only after a set number and sequence of knocks. There have been tools like in the past, but as far as I know, all have been in user space. Knock is thus likely the first port knock tool for Linux in kernel space.

From the release announcement:

  • Knocking is done in the Linux kernel. Applications can activate Knock with a single additional setsockopt call (in both client and server). Thus, once Linux has been patched, deployment will be much simpler compared to other implementations. Also, as Knock operates in the Kernel, timing attacks should be much harder to do.
  • Our Knock optionally does not merely enable opening the connection, but also can be used to protect the first N bytes of the TCP payload. Thus, given a sane protocol being run above TCP (one begins with a key exchange), an active attacker cannot simply take over the TCP connection after the handshake without also being locked into sending the same TCP payload. Thus, if the client begins by sending his public key and then continues to send data that must be authenticated with that key, even an active man-in-the-middle adversary cannot hijack the connection.

Knock is the work of Julian Kirsch, Maurice Leclaire and Christian Grothoff. The complete release announcement, associated documentations, as well as the code, are available here. The patch has been submitted to the Linux Kernel Mailing List (LKML), the kernel networking mailing list and subsystem maintainer. Could be coming to a Linux kernel next, if it passes muster.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Related posts

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
1 Comment
Inline Feedbacks
View all comments

Get the latest

On social media
Twitter Facebook-f

Partner links

Security distros

Hacker
Linux distros for hacking and pentesting
NFT South

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash

Category posts

Recent Posts
Categories
Archives

Recommended desktop Linux distros

Debian
deepin
elementary
Fedora
Kubuntu
Linux Mint
Manjaro
Netrunner
Ubuntu
Zorin OS

Distros for hacking & pentesting

BackBox
BlackArch
CAINE
Fedora
Kali
Parrot
Tails
Whonix

For that BSD or illumos desktop

FuryBSD
GhostBSD
OpenIndiana
Twitter Facebook-f
1
0
Hya, what do you think? Please comment.x
()
x