Measure against this attack is use of one-time knocking sequences (analogy of one-time passwords). The port knocking sequence could also leak from logs of the destination system itself of from a network monitoring system. Sniffing - The port knocking sequence is not protected cryptographically so an attacker can sniff the successful port knocking sequence. Unfortunately this makes the system vulnerable to DoS attacks by attacker locking your access by using your IP address as a spoofed source address.
Measure against such attacks except securing the mentioned possible vulnerabilities could be disabling of the access from the attacker source IP address after certain number of unsuccessful attempts during certain time period.
#Nmap vs zenmap generator#
The number of combinations to try can be lowered if some information about the ports being used is known (for example a subset of ports) or if there is a successful random number generator attack. Another aspect to consider is that the port which will open after the knocking could be unknown so the attacker would have to repeatedly scan the ports during the port knocking attempts. For example for 3 knocks with randomly generated sequence it is 65535³ ≈ 2.8×10¹⁴. This method is not protected cryptographically so there are the following attacks possible:īrute-force - If you use the full range of possible ports 1-65535 then even very short knocking sequences give impressive number of combinations to test. The basic port knocking method uses a fixed sequence of ports.