Simple port knocking method against TCP replay attack and port scanning / Mohd Azuan Mohamad Alias

Mohamad Alias, Mohd Azuan (2012) Simple port knocking method against TCP replay attack and port scanning / Mohd Azuan Mohamad Alias. Masters thesis, Universiti Teknologi MARA (UiTM).

Abstract

Port knocking is technique first introduce in the Black Hat to prevent attackers from discovering and exploiting potentially vulnerable service on a network host, while allowing authenticated users to access these service. Despite being potentially useful tool, it suffers various vulnerabilities such as TCP replay, port scanning and etc. Most work in this area is proposed complex method to harden port knocking. This study presents an improved scheme over the existing Port Knocking by employ the Source Port sequences that will simplify a technique for port knocking system. Source port usually was automatic generate by operating system. Source Port is preassign to generate a sequence. A technique to control when certain service start and stop was introduced to mitigate problem with TCP replay attack and port scanning. In addition, a proposed method doesn't need to integrate with firewall like other port knocking method. Experiment indicates that packet capture was able to grab port sequence but doesn't define what the service request is. In term of performance, proposed method work faster than others method like Basic port knocking and Fwknop + SPA. The performance of the proposed method was evaluated by measuring the authentication time to knock the server. The proposed port knocking method was useful to system administrators who need to access the server remotely but has a strict firewall rules.

Metadata

Item Type: Thesis (Masters)
Creators:
Creators
Email / ID Num.
Mohamad Alias, Mohd Azuan
UNSPECIFIED
Contributors:
Contribution
Name
Email / ID Num.
Thesis advisor
Mohd Ali, Fakariah (Dr.)
UNSPECIFIED
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Programme: Master of Science in Computer Networking
Keywords: Scanning, Port, Tcp
Date: 2012
URI: https://ir.uitm.edu.my/id/eprint/63972
Edit Item
Edit Item

Download

[thumbnail of 63972.PDF] Text
63972.PDF

Download (12kB)

Digital Copy

Digital (fulltext) is available at:

Physical Copy

Physical status and holdings:
Item Status:
On Shelf

ID Number

63972

Indexing

Statistic

Statistic details