SN 865: Port Knocking

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I was thinking that something similar to an authenticator could be used to prevent replay attacks on the port knocking. I mean an authenticator is nothing but a seed+timing based deterministic number generator. A normal authenticator spits out an 8 digit number, which can be used as an acceptable port sequence. E.g., an output of 19469369 could be interpreted as the sequence of knocking ports 1019,1046,1093,1069. As long as the server only accepts one client per cycle, this method would have no need to keep the log and it would prevent replay attacks as well. I’m not a security expert so I can’t tell how this idea is more or less secure than the SPA scheme. Assuming an 8 digit number is the limit of the authenticator and the server is accepting +/- one sequence before or after in case of slight timing difference, this would mean that the chance of guessing the correct sequence at any instance is 3 out of one hundred million. And I see no reason why this cannot be used alongside the SPA scheme as well.
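As an added illustration of the scheme proposed in this comment (example code written for this page, not from the post or from Security Now): an RFC 6238 TOTP generator, the commenter's digit-pair-to-port mapping (19469369 -> 1019,1046,1093,1069), and a server-side check that accepts the previous, current and next time step but consumes each step once, so a captured sequence cannot be replayed. The secret, step size and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo secret; a real deployment provisions a random per-client key.
SECRET = b"port-knock-demo-secret"
STEP = 30  # TOTP time step in seconds (assumed, matches common authenticators)


def totp(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 6238 TOTP over an explicit step counter: HMAC-SHA1 + dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def knock_sequence(code: str) -> list[int]:
    """Commenter's mapping: each 2-digit pair of the 8-digit code becomes port 10xx."""
    return [1000 + int(code[i:i + 2]) for i in range(0, 8, 2)]


class KnockVerifier:
    """Server side: accept steps counter-1..counter+1, but let each step succeed only once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.used: set[int] = set()  # steps already consumed (replay guard)

    def verify(self, ports: list[int], now: float) -> bool:
        counter = int(now // STEP)
        presented = ",".join(map(str, ports))
        for c in (counter - 1, counter, counter + 1):
            if c in self.used:
                continue  # one client per cycle: a second use of this step is a replay
            expected = ",".join(map(str, knock_sequence(totp(self.secret, c))))
            if hmac.compare_digest(expected, presented):
                self.used.add(c)
                # forget steps that have fallen out of the +/-1 window
                self.used = {u for u in self.used if u >= counter - 1}
                return True
        return False
```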

I can tell you with certainty that WatchGuard is a reliable company. Those Wi-Fi 6 APs are all WatchGuard cloud, and you do not need a WatchGuard firewall appliance to use them.

With that said, being a WG partner for 10+ years, the way that they handled the Cyclops Blink botnet issue with remediation steps and the actionable assistance provided to customers of WG shows how dedicated and transparent they are. WatchGuard allows even outdated/end of life models to update to their core firmware to at least patch the Cyclops Blink botnet, without a subscription service.

If you’re still considering WG as your security vendor, I would highly recommend them still.