Abstract: In recent years, there has been increasing interest in the authentication process due to the key role it plays in network security. Port Knocking (PKn) is an authentication method in which data is transmitted through closed ports. This method is prone to attacks when attackers sniff the network. This paper proposes a new method, called Secure Port Knock-Tunneling, to eliminate both DOS-Knocking and NAT-Knocking attacks. The feasibility of implementing this method is investigated on Mikrotik devices.

Keywords: Port security; Port Knocking; Authentication; DOS-knocking attack; Network Address Translation; Tunnelling.

I. INTRODUCTION

Nowadays, network security protocols and policies are essential elements in Internet security devices that provide traffic filtering, integrity, confidentiality, and authentication. Recent developments in remote communication have highlighted the need for a reliable authentication process. However, providing secure connections over public networks is not simple at all. Leaving a port open to the public is an invitation for an intruder. A safe network should be inaccessible to an intruder, but a network that is inaccessible to everyone is useless. Many services should be accessible to the public, while others should be usable only by authenticated users. Unfortunately, most services such as HTTP or SMTP need to be open for everyone to see.

An open port used by a service is considered a threat. Therefore, monitoring and controlling port accessibility can be a reliable assurance of secure connectivity. Port knocking is a method that can hide services from attackers by transmitting data on closed ports. Basic PKn and the related attacks are explained below.

A. Port-Knocking

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of pre-specified closed ports [4]. In other words, port knocking is an authentication method that transmits data on closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). In fact, a client who wants to use services should start an authentication process by sending a non-reply packet to the server [1]. Therefore, an attacker who is monitoring the network cannot detect the server. A monitoring system on the server side stores the log of the knocking process. When the authentication pattern is completed, the server opens a port for the valid user and a trusted connection is established between the client and the server.

So far, several port knocking schemes have been accused of offering security through obscurity, since it is trivially easy to detect and steal knocks in non-cryptographic systems [8]. However, one should distinguish between flawed implementations, which are only secure if the details of the system are unknown, and the concept of port knocking, which is not fundamentally flawed. Since revealing the presence of a service can only help an adversary, the notion of concealing services from unauthenticated users is a potentially useful one.

There are some attacks that can affect PKn performance and let a malicious user abuse the connection. Although PKn can make the authentication process safer than before, it faces some situations which make the network vulnerable. DOS-Knocking and NAT-Knocking attacks are some of the well-known attacks on PKn mechanisms.

One of these situations happens when attackers send random packets to the server repeatedly. The server must allocate a buffer to retain the log of each client until the PKn process is complete. Therefore, DOS-Knocking occupies a significant amount of memory [2].

The other situation occurs when the monitoring system cannot distinguish trusted users from others. This scenario arises when Network Address Translation (NAT) is used in the network. As a result, all the users have the same address outside the local network. Hence, when one user completes the PKn process and gets permission to access the server, all the clients located behind the same NAT can use the service [3, 4].
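
The two weaknesses described above, as an added example that is not code from the paper: a toy knock tracker keyed on source address, run against constructed traffic. The knock sequence, the addresses, and the class and function names are all assumptions made for illustration.

```python
import ipaddress
from collections import OrderedDict

SEQ = [7000, 8000, 9000]  # constructed knock sequence

class KnockDaemon:
    """Toy knock tracker keyed on source address (a model, not a real daemon)."""

    def __init__(self, sequence, max_pending=None, window=10.0):
        self.sequence = list(sequence)
        self.max_pending = max_pending  # None = unbounded table
        self.window = window            # seconds allowed to finish the sequence
        self.pending = OrderedDict()    # src -> (next index, time of first knock)
        self.allowed = set()            # sources with a firewall allow rule

    def knock(self, src, port, now):
        idx, started = self.pending.pop(src, (0, now))
        if now - started > self.window:  # stale attempt: start over
            idx, started = 0, now
        if port == self.sequence[idx]:
            idx += 1
        else:                            # wrong port resets progress
            idx, started = (1 if port == self.sequence[0] else 0), now
        if idx == len(self.sequence):
            self.allowed.add(src)        # rule names the address, not the user
            return
        self.pending[src] = (idx, started)  # a log entry exists for every source
        if self.max_pending is not None and len(self.pending) > self.max_pending:
            self.pending.popitem(last=False)  # evict the oldest entry

    def is_allowed(self, src):
        return src in self.allowed

def flood(daemon, n):
    """Constructed DoS-knocking traffic: n sources, one wrong knock each."""
    for i in range(n):
        src = str(ipaddress.IPv4Address(0x0A000000 + i))  # 10.0.0.0 + i
        daemon.knock(src, 1024 + i % 5000, now=0.0)
    return len(daemon.pending)

def nat_case(daemon, public_ip="203.0.113.5"):
    """Client A knocks from behind a NAT; client B then arrives from the same address."""
    for t, port in enumerate(SEQ):
        daemon.knock(public_ip, port, now=float(t))
    return daemon.is_allowed(public_ip)  # B's source address is identical to A's

if __name__ == "__main__":
    print("pending:", flood(KnockDaemon(SEQ), 5000), flood(KnockDaemon(SEQ, max_pending=100), 5000))
    print("second NAT client admitted:", nat_case(KnockDaemon(SEQ)))
```

Capping the table bounds memory, but a flood can then evict a legitimate client's partial sequence, and no rule keyed on source address alone can separate clients behind one NAT.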
This paper presents a novel port knocking approach in which the PKn authentication process is divided into two phases. The first phase eliminates DOS-Knocking, while the second abolishes the NAT-Knocking problem. This new method is known as SPKT: Secure Port Knock-Tunneling, an enhanced port security authentication mechanism. To the best of the authors' knowledge, there are not enough studies on PKn. Therefore, it can be a suitable field for researchers who work on network security and want to use a new method for combating attackers or anonymous users.

The rest of the paper is structured as follows: Section II reviews some recent studies on PKn. The SPKT technique is presented in Section III, implementation results of the method on the Mikrotik RB1100 router board are presented in Section IV, and Section V concludes the paper.

III. SECURE PORT KNOCK-TUNNELING

Secure Port Knock-Tunneling (SPKT) is the new method presented in this paper. It is proposed to counter NAT-Knocking and DOS-Knocking attacks, and it can also increase the protection of the authentication process.

SPKT has two phases for securing the authentication mechanism: port knocking and tunneling. The first stage solves the DOS-Knocking attack, while the second removes the NAT-Knocking problem.

Figure 1 illustrates a connection in which a client wants to establish a connection to an SSH server after passing SPKT authentication. The client starts the SPKT process as a port knocker by sending a UDP packet to the server.