Simple port knocking method: Against TCP replay attack and port scanning

Abstract

Port knocking is a first technique introduces to prevent attackers from discovering and exploiting potentially vulnerable service on a network host, while allowing authenticated users to access these services. Despite being potentially useful tool, it suffers various vulnerabilities such as TCP replay, port scanning and etc. This project proposes a new approach over the existing Port Knocking by employing the Source Port sequences that will simplify a technique for port knocking system. Source port is automatically generated by operating system and is pre-assigned to generate a sequence. A technique to control when certain service start and stop was introduced to mitigate problem with TCP replay attack and port scanning. The performance of the proposed method was evaluated by measuring the authentication time to knock the server. As a result, the proposed method worked faster than other methods like basic port knocking and Fwknop + SPA. This has shown that the proposed method was simple and at the same time against the TCP replay attack and port scanning.