Utilizing Port-Knocking as first defensive layer at defense-in-depth strategies using hybrid of the Internet Control Message Protocol features, Internet Addresses and Tunneling

Authors

1 Senior Expert in Information Technology Engineering - Computer Networks, Gilan University Campus, Rasht, Iran

2 Assistant Professor, Department of Computer Engineering, Gilan University, Rasht, Iran

Abstract

Computer networks are always vulnerable to various attacks, which typically include
identification attacks, acquisition attacks and service-disabling attacks. In identification attacks, the
attackers attempt to gather information and identify running services in order to cause damage, or to acquire
or disable services. Port-Knocking (PKn) is a unique method to prevent attackers from detecting and exploiting
vulnerable services; in fact, the aim of PKn is to hide the services from the attacker's view and to
combat identification attacks, while authenticated users are allowed to access these hidden services. This
article introduces a new PKn method that aims for simplicity and uses existing tools available on most
operating systems, eliminating the need for specific programs to run the knock process and open ports, so
that PKn can be used at any time and anywhere. This novel PKn adds complexity to the knock operation by
utilizing specific ICMP features and synchronizing through web browsers, in order to reduce replay attacks
and, by hiding the services, eliminate the risk of DoS attacks. To ensure the efficiency and capabilities of
the proposed method, the technique was successfully implemented and run on the MikroTik RouterOS operating system.

Volume 2, Issue 4 - Serial Number 4
September 2020
Pages 25-40
  • Receive Date: 18 December 2013
  • Revise Date: 04 July 2023
  • Accept Date: 19 September 2018
  • Publish Date: 21 January 2015