do so. Some web servers answer on port 8080, while some users route
other kinds of data through port 80 so that it looks like web traffic.
Network administrators have tried to curtail some behavior on
their branches of the Internet by blocking particular ports. If the
administrator doesn't like web sites operating inside the subnetwork,
the administrator can program the routers to refuse to deliver all
information heading to port 80. Spammers can usually be locked out
by shutting down all traffic going to port 25, a technique that just
as effectively blocks all legitimate mail.
What's a network administrator to do? There's no easy way to tell
the difference between good and bad information by looking at the
port numbers alone. Good and bad people use them for good and
bad reasons.
One neat idea is port knocking, a virtual implementation of the
idea used by speakeasies and other places of ill repute to exclude
police and other undesirables by only opening a door if the person
uses the right pattern of knocks. The right pattern of sounds, say
“rap rap RAP [pause] RAP RAP”, is equivalent to a computer trying
to open a connection to ports 152, 222, and 13 in short succession.
A firewall might deny access to all outsiders who don't present the
right pattern of data (ports 152, 222, and 13) at the beginning of a
session and block data from other IP addresses that don't present
the right sequence. The firewall doesn't need to read the data itself,
just the quick pattern of requests for connection to particular ports.
[Krz03b, Krz03a]
A nice collection of articles and pointers to software packages can
be found at portknocking.org.
This technique is an ideal application of the way to hide information
inside of a list described in this chapter. A user and a firewall
could agree on the correct pattern for the day by computing
h(salt|port|password) for each available port. (It would make sense
to exclude the ports that might be left open, say 23, 25 and 80.) Then
these hashed values could be sorted and the first n used as the port
knocking sequence. The salt could consist of some random information
and, perhaps, the date or time that the sequence would work.
The port knocking could also encrypt a message by permuting the
available port numbers according to the algorithms in this chapter.
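The scheme just described, worked through as an added example that is not from the book: the client and the firewall each derive the day's knock sequence on their own from the shared salt and password, and the firewall compares an observed run of connection attempts against it. SHA-256 as h, the "|" separator, the 1024-65535 candidate range and the constructed salt and password are assumptions the text does not fix.

```python
import hashlib
from typing import Iterable, List, Sequence

# Assumed concrete choices (the text only says h(salt|port|password)):
# SHA-256 as h, fields joined with "|", the port written in decimal.
EXCLUDED_PORTS = frozenset({23, 25, 80})  # ports the text suggests leaving out


def knock_hash(salt: str, port: int, password: str) -> bytes:
    """h(salt|port|password) for one candidate port."""
    material = f"{salt}|{port}|{password}".encode("utf-8")
    return hashlib.sha256(material).digest()


def knock_sequence(salt: str, password: str, n: int,
                   ports: Iterable[int] = range(1024, 65536),
                   excluded: frozenset = EXCLUDED_PORTS) -> List[int]:
    """Hash every available port, sort the ports by their hash values and
    return the first n as the knock sequence. Client and firewall run this
    independently; nothing but the shared salt and password is exchanged."""
    candidates = [p for p in ports if p not in excluded]
    ranked = sorted(candidates, key=lambda p: knock_hash(salt, p, password))
    return ranked[:n]


def knock_accepted(observed: Sequence[int], salt: str, password: str,
                   n: int) -> bool:
    """Firewall-side check: does the observed run of connection attempts
    (destination ports only, in order) equal the sequence for this salt?"""
    return list(observed) == knock_sequence(salt, password, n)


if __name__ == "__main__":
    # Constructed salt: the date plus whatever random part the two sides share.
    today = "2024-01-01|r4nd0m"
    seq = knock_sequence(today, "correct horse", 3)
    print("today's knock sequence:", seq)
    print("same run accepted:", knock_accepted(seq, today, "correct horse", 3))
    print("yesterday's salt:", knock_accepted(seq, "2023-12-31|r4nd0m",
                                                "correct horse", 3))
```

Because the firewall only ever recomputes the sorted list, an observer who records one day's knocks learns nothing about the next day's once the salt changes.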
13.10.1 Enhancing Port Knocking
In recent years, port knocking has captured the imagination of a
number of protocol designers who've found a number of ways to re-
vise and extend the idea to enhance its security [Jea06, deG07]:
One-Time Pads: The desirable sequence can only be used once and
then it is forgotten. This might be implemented by adding a