
But what does deter them is port knocking. We went from many attempts per hour to not a single one since adding port knocking to our firewall.

Port knocking has been mentioned before on HN and it generally gets a lukewarm to negative response. It completely baffles me, this response.




It's just caution. Using port knocking by itself would be a recipe for security disaster. As an addition to an already secure system, it's okay if you just want to reduce junk in your logs, perhaps. Many would ask, in that case, why use port knocking at all?

This is the usual thing I hear. It is so incredibly naive, though.

Any service, no matter how locked down and properly configured, still presents an attack surface. SSHD is a program like any other, and it can have bugs.

When you use port knocking with a properly configured SSHD, you are much more secure because that attack surface has been removed.
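To make the mechanism being argued about concrete, here is a small model of a port-knock daemon and the firewall decision it drives. This is an added example, not code from the commenter or from any particular knock daemon; the knock sequence, port numbers, time window and IP addresses are constructed values. It shows the part of port knocking that hides the service from scanners: a SYN to the protected port is dropped unless the same source has recently hit a fixed sequence of otherwise-closed ports, in order and within a time window. It also shows the two edge cases a real implementation must get right, a stray probe resetting progress (so a sequential scanner never completes a non-monotonic sequence) and a sequence that takes too long being discarded. Note what it does not do: the knock is a plaintext filter on who gets to talk to sshd, and the key-based authentication the thread relies on still happens behind it.

```python
import time
from dataclasses import dataclass

# Constructed example values. The sequence is deliberately non-monotonic so that
# a scanner walking ports in ascending order cannot complete it by accident.
KNOCK_SEQUENCE = (7000, 9000, 8000)
KNOCK_WINDOW = 5.0      # seconds allowed to finish the whole sequence
OPEN_DURATION = 30.0    # seconds the protected port accepts SYNs after a good knock
PROTECTED_PORT = 22


@dataclass
class KnockState:
    progress: int       # how many knocks of the sequence this source has completed
    started: float      # timestamp of the first knock in the current attempt


class KnockDaemon:
    """Tracks knock progress per source IP and decides ACCEPT/DROP like a firewall."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW,
                 open_for=OPEN_DURATION, protected_port=PROTECTED_PORT):
        self.sequence = sequence
        self.window = window
        self.open_for = open_for
        self.protected_port = protected_port
        self.states = {}    # src_ip -> KnockState (attempt in progress)
        self.allowed = {}   # src_ip -> timestamp at which the opening expires

    def observe(self, src_ip, dst_port, now):
        """Feed one SYN to a closed port. Returns True when the sequence completes."""
        st = self.states.get(src_ip)
        if st is not None and now - st.started > self.window:
            st = None                       # too slow: the attempt is discarded
        expected = self.sequence[st.progress] if st else self.sequence[0]
        if dst_port != expected:
            if dst_port == self.sequence[0]:
                # A hit on the first port always starts a fresh attempt.
                self.states[src_ip] = KnockState(progress=1, started=now)
            else:
                # Any other stray probe resets this source's progress.
                self.states.pop(src_ip, None)
            return False
        if st is None:
            st = KnockState(progress=0, started=now)
        st.progress += 1
        self.states[src_ip] = st
        if st.progress == len(self.sequence):
            del self.states[src_ip]
            self.allowed[src_ip] = now + self.open_for
            return True
        return False

    def is_allowed(self, src_ip, now):
        """True while this source's opening has not expired."""
        expiry = self.allowed.get(src_ip)
        if expiry is None:
            return False
        if now > expiry:
            del self.allowed[src_ip]
            return False
        return True

    def filter_packet(self, src_ip, dst_port, now):
        """Firewall verdict for a SYN: ACCEPT only knocked-open protected-port traffic."""
        if dst_port == self.protected_port:
            return "ACCEPT" if self.is_allowed(src_ip, now) else "DROP"
        self.observe(src_ip, dst_port, now)   # every other port is closed, but counted
        return "DROP"


def demo():
    """Run three constructed sources through the daemon and return their verdicts."""
    d = KnockDaemon()
    t = 100.0
    verdicts = {}
    # A scanner probing SSH directly, then sweeping 7000-7003 in order: never opens.
    verdicts["scanner_ssh"] = d.filter_packet("203.0.113.9", 22, t)
    for port in range(7000, 7004):
        d.filter_packet("203.0.113.9", port, t)
    verdicts["scanner_ssh_after_sweep"] = d.filter_packet("203.0.113.9", 22, t + 1)
    # An admin knocking the right sequence one second apart: SSH opens for 30 s.
    for i, port in enumerate(KNOCK_SEQUENCE):
        d.filter_packet("198.51.100.7", port, t + i)
    verdicts["admin_ssh"] = d.filter_packet("198.51.100.7", 22, t + 3)
    verdicts["admin_ssh_expired"] = d.filter_packet("198.51.100.7", 22, t + 34)
    # A correct sequence spread over 6 s exceeds the 5 s window: stays closed.
    d.filter_packet("192.0.2.5", 7000, t)
    d.filter_packet("192.0.2.5", 9000, t + 2)
    d.filter_packet("192.0.2.5", 8000, t + 6)
    verdicts["slow_knock_ssh"] = d.filter_packet("192.0.2.5", 22, t + 6)
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The model uses an explicit `now` argument rather than `time.time()` so the timing edge cases can be replayed deterministically; a daemon reading dropped-SYN log lines would pass each packet's timestamp the same way.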


Seems like quite a bit of work to avoid a few connections an hour. Are you paying $0.01 per byte for syslog entries or something?

Who cares about a few connections per hour if the sun will die before they brute force your private key?

