Associating the Authentication and Connection-Establishment Phases in Passive Authorization Techniques
Port Knocking and Single Packet Authorization (SPA) are passive authorization techniques that provide firewall-level authentication to ensure authorized access to potentially vulnerable network services. Although these techniques serve as a powerful protection mechanism against intruders, they still suffer from a major problem. The lack of association between the authentication process and the follow-on TCP connection to be established is the most crucial problem still persisting in both passive authorization techniques. This problem allows an attacker to connect to a protected server on behalf of a valid client after the client has successfully authenticated with the firewall but before the client establishes a TCP connection with the protected server.
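The gap described above can be modelled in a few dozen lines. The following is an added illustration, not code or a scheme from the paper: a toy firewall that verifies an HMAC-authenticated SPA packet (shared key, timestamp and replay check are all constructed assumptions) and then admits TCP SYNs to the protected port from the authenticated source address for a short window. In the classic mode nothing ties that window to the client's own connection, so a second host behind the same NAT address is admitted as well. The `associate=True` mode shows one hypothetical way of associating the two phases, chosen here for illustration only: the SPA packet commits to the source port the client will connect from, and the rule is consumed by the first matching SYN.

```python
"""Toy model of the authorization window in port knocking / SPA.

Added illustration, not the paper's code or scheme. A firewall that has
verified an SPA packet opens the protected port for the authenticated
source address for a short window. Because nothing ties that authorization
to the client's own follow-on TCP connection, any SYN from the same address
inside the window is admitted. The `associate=True` mode is one hypothetical
binding: the SPA packet commits to the client's TCP source port and the
rule is consumed by the first matching SYN.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

SHARED_KEY = b"constructed-demo-key"   # constructed, for the example only


@dataclass(frozen=True)
class Syn:
    src_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class SpaPacket:
    src_ip: str
    dst_port: int
    timestamp: float
    bound_src_port: Optional[int]   # None = classic SPA, no binding
    mac: bytes


def _spa_mac(src_ip: str, dst_port: int, ts: float, bound: Optional[int]) -> bytes:
    msg = f"{src_ip}|{dst_port}|{ts:.3f}|{bound}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).digest()


def make_spa(src_ip: str, dst_port: int, now: float,
             bound_src_port: Optional[int] = None) -> SpaPacket:
    return SpaPacket(src_ip, dst_port, now, bound_src_port,
                     _spa_mac(src_ip, dst_port, now, bound_src_port))


class Firewall:
    def __init__(self, window: float = 5.0, associate: bool = False):
        self.window = window
        self.associate = associate
        self._rules: List[list] = []   # [src_ip, dst_port, bound_src_port, expires]
        self._seen_macs = set()        # replay protection for SPA packets

    def recv_spa(self, pkt: SpaPacket, now: float) -> bool:
        expected = _spa_mac(pkt.src_ip, pkt.dst_port, pkt.timestamp, pkt.bound_src_port)
        if not hmac.compare_digest(expected, pkt.mac):
            return False
        if pkt.mac in self._seen_macs or abs(now - pkt.timestamp) > self.window:
            return False
        self._seen_macs.add(pkt.mac)
        bound = pkt.bound_src_port if self.associate else None
        self._rules.append([pkt.src_ip, pkt.dst_port, bound, now + self.window])
        return True

    def recv_syn(self, syn: Syn, now: float) -> bool:
        for rule in list(self._rules):
            src_ip, dst_port, bound, expires = rule
            if now > expires:
                self._rules.remove(rule)   # window closed
                continue
            if src_ip != syn.src_ip or dst_port != syn.dst_port:
                continue
            if self.associate:
                if bound != syn.src_port:
                    continue               # not the connection the SPA committed to
                self._rules.remove(rule)   # one-shot: consumed by the bound connection
            return True
        return False


def scenario(associate: bool) -> dict:
    """Client and another host share one public address (NAT); reports which SYNs got through."""
    fw = Firewall(window=5.0, associate=associate)
    shared_ip, port = "203.0.113.5", 22          # constructed values
    client_port, other_port = 40000, 50000
    assert fw.recv_spa(make_spa(shared_ip, port, now=0.0, bound_src_port=client_port), now=0.0)
    return {
        "other_host": fw.recv_syn(Syn(shared_ip, other_port, port), now=0.5),
        "client": fw.recv_syn(Syn(shared_ip, client_port, port), now=1.0),
        "late_other": fw.recv_syn(Syn(shared_ip, other_port, port), now=1.5),
    }


if __name__ == "__main__":
    print("classic SPA:", scenario(associate=False))
    print("associated :", scenario(associate=True))
```

In the classic run all three SYNs are admitted, which is exactly the window the abstract describes; in the associated run only the SYN from the committed source port gets through and the rule is gone afterwards. Binding to a source port is only one illustrative choice, and it still does not help against an attacker who can spoof that exact 4-tuple, so real designs need a stronger association than this toy shows.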