Feb 15
The problem: how do you securely lock down your firewall for very privileged services like SSH or an intranet server?
Is adding port knocking together with OTP a good,solid solution for perimeter defense? I’m going to play with this. The idea:
- The port knock sequence is derived from a secret key and a cipher, giving three 16-bit port numbers, e.g. "7111 31189 40922".
- That is the UDP knock: 7111, 31189, and 40922.
- These numbers change approximately every 1-2 minutes, based on the secret key, the cipher and a date/time seed.
- The payload of each packet is a sequence number plus a short OTP (the examples use three alphanumeric characters), e.g. packet 1: "1|3dz", packet 2: "2|js9", packet 3: "3|34m".
- There is a REQUEST packet that goes to another port, also derived from the cipher, e.g. 5433 (changes daily?).
- The REQUEST packet carries the next sequence number and the port to open (22 for SSH in this example) together with the client's IP address, and that payload is ENCRYPTED: "4|22|67.100.40.23" => "f321a0a5eb48f2ef2f89f52124bcc11a".
- The entire sequence is bracketed by a START port and an END port that change every day and carry a simple string as payload, e.g. START port 8765, END port 64100.

So the entire OTP + port knock sequence from my OTP + port knock client is:
- UDP:8765 => "START_PK_SEQ"
- UDP:7111 => "1|3dz"
- UDP:31189 => "2|js9"
- UDP:40922 => "3|34m"
- UDP:5433 => "f321a0a5eb48f2ef2f89f52124bcc11a"
- UDP:64100 => "END_PK_SEQ"

Port 22 is now open on the host firewall for the requesting IP, based on successfully decrypting packet #5.
- In theory this would be resistant to man-in-the-middle and replay attacks, provided the server refuses to redeem a knock sequence whose OTPs have already been used and checks the IP address inside the encrypted REQUEST against the actual source address of the packet.
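The exchange described above, as an added example that is not part of the original post: a Python simulation of both the client and the host-firewall side of the sequence. It stands in HMAC-SHA256 for the post's unspecified "secret key and cipher" (knock ports, OTPs, the daily START/REQUEST/END ports and an encrypt-then-MAC REQUEST packet are all derived from it), assumes a 90-second rotation slot for the knock ports and a daily slot for the bracketing ports, and uses a constructed shared secret and sample addresses. The server binds the IP inside the encrypted REQUEST to the actual sender and refuses to redeem the same slot twice, which is what the replay and MITM resistance claimed above depends on.

```python
import hmac, hashlib

# Assumed rotation windows: the post says knock ports change "approx. every 1-2 minutes", bracketing ports daily.
SLOT_SECONDS = 90
DAY_SECONDS = 86400
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"


def _prf(secret, label):  # keyed PRF standing in for the post's "secret key and cipher"
    return hmac.new(secret, label.encode(), hashlib.sha256).digest()


def _port(digest, i):  # i-th 16-bit word of the digest mapped to a usable port (1..65535, never 0)
    return 1 + int.from_bytes(digest[2 * i:2 * i + 2], "big") % 65535


def knock_ports(secret, slot):  # three knock ports for this time slot (the post's "7111 31189 40922")
    d = _prf(secret, f"knock|{slot}")
    return [_port(d, i) for i in range(3)]


def daily_ports(secret, day):  # (START, REQUEST, END) ports, rotated once per day
    d = _prf(secret, f"daily|{day}")
    return _port(d, 0), _port(d, 1), _port(d, 2)


def otp(secret, slot, idx):  # three-character OTP for knock packet idx (the post's "3dz"); mod-36 is slightly biased
    d = _prf(secret, f"otp|{slot}|{idx}")
    return "".join(ALPHABET[b % 36] for b in d[:3])


def seal(secret, slot, plaintext):
    # REQUEST packet: XOR with a per-slot HMAC keystream, then a 16-byte HMAC tag bound to the slot; hex on the wire.
    pt = plaintext.encode()
    ks = _prf(secret, f"ks|{slot}")
    assert len(pt) <= len(ks), "request payload longer than one keystream block"
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    tag = hmac.new(secret, f"req|{slot}|".encode() + ct, hashlib.sha256).digest()[:16]
    return (ct + tag).hex()


def open_sealed(secret, slot, hexdata):  # verify-then-decrypt; None on any failure
    try:
        raw = bytes.fromhex(hexdata)
    except ValueError:
        return None
    ct, tag = raw[:-16], raw[-16:]
    good = hmac.new(secret, f"req|{slot}|".encode() + ct, hashlib.sha256).digest()[:16]
    if len(tag) != 16 or not hmac.compare_digest(tag, good):
        return None
    ks = _prf(secret, f"ks|{slot}")
    return bytes(a ^ b for a, b in zip(ct, ks)).decode(errors="replace")


def client_sequence(secret, src_ip, want_port, now):
    # The six UDP datagrams the post's client would send, as (port, payload) pairs.
    slot, day = int(now // SLOT_SECONDS), int(now // DAY_SECONDS)
    start, req, end = daily_ports(secret, day)
    knocks = knock_ports(secret, slot)
    seq = [(start, b"START_PK_SEQ")]
    seq += [(knocks[i - 1], f"{i}|{otp(secret, slot, i)}".encode()) for i in range(1, 4)]
    seq += [(req, seal(secret, slot, f"4|{want_port}|{src_ip}").encode()), (end, b"END_PK_SEQ")]
    return seq


class KnockServer:
    # Per-source state machine a host-firewall agent would run behind the UDP socket.
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}      # src_ip -> [slot, next_idx, requested_port]
        self.redeemed = set()  # (src_ip, slot) already used: one opening per slot

    def packet(self, src_ip, port, payload, now):
        # Feed one datagram; return the port opened for src_ip, or None.
        slot, day = int(now // SLOT_SECONDS), int(now // DAY_SECONDS)
        start, req, end = daily_ports(self.secret, day)
        knocks = knock_ports(self.secret, slot)
        if port == start and payload == b"START_PK_SEQ":
            if (src_ip, slot) not in self.redeemed:  # a replayed slot cannot be restarted
                self.pending[src_ip] = [slot, 1, None]
            return None
        st = self.pending.pop(src_ip, None)  # any wrong packet below aborts the sequence
        if st is None or st[0] != slot:      # nothing in progress, or the slot rolled over
            return None
        _, idx, want = st
        if idx <= 3:
            expect = f"{idx}|{otp(self.secret, slot, idx)}".encode()
            if port == knocks[idx - 1] and hmac.compare_digest(payload, expect):
                self.pending[src_ip] = [slot, idx + 1, None]
        elif idx == 4:
            pt = open_sealed(self.secret, slot, payload.decode(errors="replace")) if port == req else None
            f = pt.split("|") if pt else []
            # Sequence number must be 4 and the embedded IP must equal the real sender address.
            if len(f) == 3 and f[0] == "4" and f[1].isdigit() and f[2] == src_ip:
                self.pending[src_ip] = [slot, 5, int(f[1])]
        elif idx == 5 and port == end and payload == b"END_PK_SEQ":
            self.redeemed.add((src_ip, slot))
            return want
        return None


def demo(secret=b"constructed-shared-secret", src_ip="67.100.40.23", now=1_700_000_000.0):
    # Honest client, then a replay of the same six packets, then the same capture sent from another IP.
    srv = KnockServer(secret)
    seq = client_sequence(secret, src_ip, 22, now)
    honest = [srv.packet(src_ip, p, d, now + i * 0.1) for i, (p, d) in enumerate(seq)]
    replay = [srv.packet(src_ip, p, d, now + 1 + i * 0.1) for i, (p, d) in enumerate(seq)]
    spoof = [srv.packet("10.0.0.9", p, d, now + 2 + i * 0.1) for i, (p, d) in enumerate(seq)]
    return honest[-1], replay[-1], spoof[-1]
```

`demo()` returns `(22, None, None)`: the honest run opens port 22, the verbatim replay is refused because that slot is already redeemed, and the captured sequence sent from 10.0.0.9 fails at the REQUEST packet because the encrypted IP does not match the sender. The XOR-with-HMAC-keystream construction is only a stand-in for a real AEAD (its ciphertext is also longer than the 32-hex-character example in the post); a deployment would swap in AES-GCM or ChaCha20-Poly1305 with the slot as associated data and read datagrams from a real UDP socket.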
