Knock
Knock, also referred to as TCP Stealth, is a proposed modification of the Transmission Control Protocol (TCP) that hides the open ports of selected TCP services from the public in order to impede port scans. It is somewhat similar to the port knocking technique.[1][2]
It modifies the TCP three-way handshake so that the server only accepts connections from clients that transmit a proof of knowledge of a shared secret. If the connection attempt does not use TCP Stealth, or if authentication fails, the server behaves as if no service were listening on that port number.[3]
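As an added illustration, not code from the Knock project, the kernel patch or the IETF draft, the following Python model shows the modified handshake described above: the client's initial sequence number (ISN) carries a 32-bit proof of knowledge of the shared secret, the server recomputes and checks it before answering with SYN-ACK, and on any mismatch it replies with RST exactly as a closed port would. The token derivation (HMAC-SHA256 over both addresses, the destination port and a time window, truncated to 32 bits), the 64-second window, the sample addresses and secret, and all function names are assumptions made for this example; the draft specifies its own construction.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed model of the Knock / TCP Stealth handshake: the client's initial
# sequence number (ISN) doubles as a 32-bit proof that it knows the shared
# secret. The derivation below is an assumption for illustration only, not the
# construction used by draft-kirsch-ietf-tcp-stealth-00 or the kernel patch.

WINDOW_SECONDS = 64        # assumed token lifetime; bounds replay of a captured ISN
CLOSED_PORT_REPLY = "RST"  # a closed port answers a SYN with RST
OPEN_PORT_REPLY = "SYN-ACK"


def stealth_isn(secret: bytes, src_ip: str, dst_ip: str, dst_port: int, now: float) -> int:
    """Derive the 32-bit ISN bound to the secret, both endpoints and the current window."""
    window = int(now) // WINDOW_SECONDS
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!H", dst_port)
           + struct.pack("!Q", window))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def client_syn(secret: bytes, src_ip: str, dst_ip: str, dst_port: int, now: float) -> dict:
    """The SYN a TCP Stealth client sends: an ordinary SYN whose ISN carries the proof."""
    return {"src": src_ip, "dst": dst_ip, "dport": dst_port, "flags": "SYN",
            "seq": stealth_isn(secret, src_ip, dst_ip, dst_port, now)}


def plain_syn(src_ip: str, dst_ip: str, dst_port: int, seq: int) -> dict:
    """A SYN from a client that does not use TCP Stealth (e.g. an ordinary scanner)."""
    return {"src": src_ip, "dst": dst_ip, "dport": dst_port, "flags": "SYN", "seq": seq}


def server_handle_syn(secret: bytes, syn: dict, now: float, skew_windows: int = 1) -> str:
    """Verify the ISN before revealing the service.

    The expected value is recomputed from the server's own view of the client
    address, port and clock; the current window plus `skew_windows` earlier
    ones are accepted to tolerate clock drift. On any mismatch the server
    answers exactly as a closed port would, so a scanner cannot distinguish
    "stealth service, wrong secret" from "nothing listening".
    """
    if syn["flags"] != "SYN":
        return CLOSED_PORT_REPLY
    for k in range(skew_windows + 1):
        expected = stealth_isn(secret, syn["src"], syn["dst"], syn["dport"],
                               now - k * WINDOW_SECONDS)
        # constant-time comparison of the two 32-bit values
        if hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", syn["seq"])):
            return OPEN_PORT_REPLY
    return CLOSED_PORT_REPLY


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run the scenarios a defender cares about; returns the server's reply for each."""
    secret = b"constructed-shared-secret"  # constructed sample value
    client, other, server, port = "192.0.2.10", "192.0.2.77", "198.51.100.5", 22
    good = client_syn(secret, client, server, port, now)
    scanner = plain_syn(client, server, port, (good["seq"] + 1) & 0xFFFFFFFF)
    return {
        "correct secret": server_handle_syn(secret, good, now),
        "wrong secret": server_handle_syn(secret, client_syn(b"guess", client, server, port, now), now),
        "no stealth (scanner)": server_handle_syn(secret, scanner, now),
        "replayed ISN from another host": server_handle_syn(secret, dict(good, src=other), now),
        "same ISN one window later": server_handle_syn(secret, good, now + WINDOW_SECONDS),
        "same ISN two windows later": server_handle_syn(secret, good, now + 2 * WINDOW_SECONDS),
    }


if __name__ == "__main__":
    for scenario, reply in demo().items():
        print(f"{scenario:32s} -> {reply}")
```

Two design points the model makes visible: the proof is only 32 bits because it has to fit in the sequence number field of a normal SYN, which is why it is bound to the source address, destination and a short time window rather than acting as a long-lived credential, and the server's failure path is indistinguishable from a closed port, which is the whole point of the scheme with respect to port scans.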
1 Kernels with Knock support
Parabola contains, for now, one kernel with Knock support:
- linux-libre-lts-xtreme: a package based on linux-libre-lts that additionally provides support for stealth TCP sockets and all of the Linux Security Modules (LSM).
2 Applications with Knock support
2.1 OpenSSH-Knock
The patch applied in openssh-knock enables OpenSSH to use Knock's authentication mechanism. To specify the shared secret on both the client and the server, use the newly introduced SSH configuration option TCPStealthSecret or (not recommended) the -z command line argument. The patch also extends the man pages of ssh, ssh_config, sshd and sshd_config, which give more information.
3 See also
- Grsecurity+Knock
- PCK
- Xtreme
- Sysctl#TCP/IP stack hardening
- Knock - initial implementations for Linux kernel and legacy applications
- Master's thesis about TCP Stealth
- TCP Stealth - draft-kirsch-ietf-tcp-stealth-00
- GNU hackers unmask massive HACIENDA surveillance program