
Improved Kernel-Based Port-Knocking in Linux

Title: Improved Kernel-Based Port-Knocking in Linux
Publication Type: Thesis
Year of Publication: 2014
Authors: Kirsch, J
Corporate Authors: Grothoff, C
Academic Department: Computer Science
Date Published: 08/2014
Thesis Type: Master's
Keywords: GNUnet, Hacienda, Knock, TCP Stealth

Port scanning is used to discover vulnerable services and launch attacks against network infrastructure. Port knocking is a well-known technique to hide TCP servers from port scanners. This thesis presents the design of TCP Stealth, a socket option to realize a new port knocking variant with improved security and usability compared to previous designs.

TCP Stealth replaces the traditional random TCP sequence number (SQN) with a token that authenticates the client and (optionally) the first bytes of the TCP payload. Clients and servers can enable TCP Stealth by explicitly setting a socket option or linking against a library that wraps existing network system calls.

This thesis also describes Knock, a free software implementation of TCP Stealth for the Linux kernel, and libknockify, a shared library that wraps network system calls to activate Knock on GNU/Linux systems, allowing administrators to deploy Knock without recompilation. Finally, we present experimental results demonstrating that TCP Stealth is compatible with most existing middleboxes on the Internet.