General discussion

  • Creator
  • #2286433

    Be aware of potential threats from port knocking


    by maryweilage ·

    Do you have any experience with port knocking and the types of back doors associated with it? Do you frequently use freeware or shareware? Do you agree that it’s potentially insecure? Share your comments about protecting your network from port knocking, as discussed in the March 19 Security Solutions e-newsletter.

    If you haven’t subscribed to our free Security Solutions e-newsletter, sign up today!

All Comments

  • Author
    • #2728776


      by edlockett ·

      In reply to Be aware of potential threats from port knocking

      I agree with all the points you make. I think we will have to watch closely for this threat in the future. However there is no need to be too worried – I think you should have mentioned that such scepticism towards software that may contain trojans need only really apply to machines connected directly to the internet. Inside a firewall of course a machine would be beyond reach of ‘port knocking’ activity. I think that current personal firewalls would protect against this threat already. So such a policy is definitely important for firewalls, and machines in the DMZ, but for others it will be less important.
      I would imagine that it would be possible for firewall products / antivirus / anti-malware programs to check for processes that may be ‘listening’ for the port knocks you describe. Hopefully we will see this kind of functionality being integrated into products soon, to protect machines that are in the DMZ.

      • #2728774

        Agree 100%

        by mike mullins ·

        In reply to Firewall

        Thanks for filling in the blanks Ed. Our internal networks have gotten more secure. However, it’s the home user with little or no firewall protection and the machines in our DMZ that aren’t filtered properly that are poised to do all the damage.
        Mike Mullins

        • #2728771

          Need to educate casual users

          by edlockett ·

          In reply to Agree 100%

          Yes, the biggest threat to networks as a whole is always going to be machines belonging to users not up to speed with security. There needs to be a way to get a simple message to the masses : get a firewall! I wonder if anybody is in the position to commission TV ads or suchlike to get the idea across?

    • #2728726

      Cover your tracks

      by toreador ·

      In reply to Be aware of potential threats from port knocking

      I use free and share-ware all the time. After the initial download I scan the file with my A/V software. After the app is installed I run Adaware AND Spy-Bot to see what “extras” were put on my PC in the process. A fun little exercise is to run the spy-killers right before the install so you know exactly what was deposited by the free/share application when you run it afterwards. Most of the time they do not add any unwanted spies but sometimes…

      • #2693996

        true but…..

        by maxpower1111 ·

        In reply to Cover your tracks

        As the author pointed out. it can lie dormant until the perpotrator activates it. Suppose it’s brand new and the perpotrator distributes 10,000 copies of a given freware containing such a payload. AV and anti-spyware does not yet have a signature file to recognize this particular string of code. then 2 weeks down the road he/she activates all 10,000 at once. Guess what…..too late. what’s done is done.

    • #2728722


      by walker_ ·

      In reply to Be aware of potential threats from port knocking

      I’m not a network admin so I’m coming at this from a home user point of view. I use a firewall, keep my anti-virus up to date, and am generally a security minded individual who tries to stay educated about the latest threats and how to combat them.
      I’m troubled by something in the article – how can a dormant trojan be activated by port knocking if it’s not listening on any ports?

      • #2693994


        by maxpower1111 ·

        In reply to Curious

        perhaps some kind of passive sniffing. If you install a sniffer on your machine and take a capture, you’ll see traffic hitting you on a number of different ports. This does not mean that your OS is “listening” on these ports. but the sniffer still sees the contents of the packet and reads what port (TCP/UDP) it is destine for.

    • #2728694

      what happen

      by pberg ·

      In reply to Be aware of potential threats from port knocking

      I have MaFee:(virus scan) (firewall plus) (privecy service) (anti spam) (secure IE)and last week I was infected 2 times by virus: NetSky.c@mm,could it be port knocking.???? Iam still wondering, I hope that this can be useful to others who have security tools.

      • #2727945

        Reply To: Be aware of potential threats from port knocking

        by tin man ·

        In reply to what happen

        How often do you check for updates? The many variants are coming out weekly. If you use automatic update, check the frequency. A default could be weekly, or even monthly, and that’s not frequent enough anymore.

        Also, there is a time lag (albiet short) between discovery and the various vendors adding it to their signature files. Unfortunately, we can only depend on vendors before the thing runs rampant. I routinely check my signatures at least every other day. If it’s more than 3 days old, I will do a manual check and update if new one is available (i.e., came out between the automated updates).

    • #2727942

      Reply To: Be aware of potential threats from port knocking

      by tin man ·

      In reply to Be aware of potential threats from port knocking

      The hardware firewalls I have used allow one address (computer), behind the firewall, in a DMZ. By setting a non-existent ip address in the DMZ, port scanners will not get any response, open or closed. The scan utility times out without a response and moves on. Even a “closed” response is a hit on a valid address and the scanner may try again later in case it is open then.

      A “Shields Up” scan at will check your ports. By default, it checks the first ~1053 ports (most common). You can also check specific ports and other things. If it doesn’t get an “open” or “closed” on the ports, you get a “Stealth” rating.

    • #2727657

      something must be listening

      by martykro ·

      In reply to Be aware of potential threats from port knocking

      Surely something must be listening for the port taps. Maybe it’s not replying so a port scan will not catch it but a simple “netstat” should see all ports listening on the station.

    • #2693824

      freeware/shareware aren’t the only trouble makers

      by jnemeth ·

      In reply to Be aware of potential threats from port knocking

      This emphasis on freeware is total crap! There are known cases of commercial software shipping with viruses. There are even known cases of hotfixes from Microsoft being infected. It doesn’t matter where you get your software, there is the potential for trouble. Only the truely ignorant would place such a large emphasis on freeware/shareware.

      Your final thoughts are also complete crap! Saying that you don’t have anything against freeware/shareware, followed by saying that you only use them while they serve their purpose then you replace them with something for which you’ve paid isn’t exactly a compliment. BTW, I hope you pay for the shareware you use. As for your comment about getting programs from people you don’t know, I very much doubt that you personally know all the people involved in creating all the commercial apps that you use.

      As for my final thoughts, I leave an exercise for the student. Consider the history of the two most popular web servers. If you have even the slightest clue, then I won’t need to say anything more.

      What I want to know is when is TechRepublic going to replace you with somebody that acutally knows something about security? Most of your articles are total crap and some are even dangerous since they distract people from implementing real security solutions. With people like you, it is no wonder that the US federal government constantly receives failing grades for computer security. See House Panel Slams Federal IT Security for one of the latest reports.

Viewing 6 reply threads