Single Packet Authorization
Single Packet Authorization provides similar security benefits to port knocking in terms of protecting services with a packet filter that is configured in a default-drop stance. Anyone scanning for a target service that is protected in this way will be unable to detect such a service is listening, and this makes even the exploitation of zero-day vulnerabilities much more difficult. SPA offers elegant solutions to many limitations in port knocking implementations. These allow SPA to solve the replay problem, achieve a data transmission rate that makes the use of asymmetric encryption possible, thwart simple spoofing attacks and remain under the radar of intrusion detection systems that are monitoring networks for port scans.
See next month's LJ for Part II to this article, which will show exactly how to use SPA.
Krzywinski, M. 2003. “Port Knocking: Network Authentication Across Closed Ports”. SysAdmin Magazine 12: 12–17.
ElGamal Encryption: en.wikipedia.org/wiki/ElGamal_encryption
There is only one other SPA implementation that I am aware of at the time of this writing, available at www.unspecific.com/spa.
Another implementation called Tumbler (tumbler.sourceforge.net) employs a single packet, but it uses a hashed payload instead of an encrypted payload, and this results in a significantly different architecture.
fwknop documentation and man pages: www.cipherdyne.org/fwknop/docs
Michael Rash holds a Masters' Degree in applied mathematics with a concentration in computer security from the University of Maryland. Michael is the founder of cipherdyne.org, a Web site dedicated to open-source security software for Linux systems, and he works as Security Architect on the Dragon Intrusion Detection System for Enterasys Networks. He is the author of the upcoming book Linux Firewalls: Attack Detection and Response, published by No Starch Press.
- Readers' Choice Awards 2013
- Linux Kernel News - November 2013
- Mars Needs Women
- Sublime Text: One Editor to Rule Them All?
- Raspberry Pi: the Perfect Home Server
- RSS Feeds
- December 2013 Issue of Linux Journal: Readers' Choice
- Tech Tip: Really Simple HTTP Server with Python
- IBM Will Minimize Impact of Future Disasters
- Linux Systems Administrator
- The kernel doesn't really
4 hours 16 min ago
4 hours 47 min ago
4 hours 47 min ago
6 hours 52 min ago
- This should be very helpful
8 hours 5 min ago
- As much as I share your point
10 hours 25 min ago
- So girls had it better ?
13 hours 57 min ago
- Reply to comment | Linux Journal
14 hours 17 min ago
- why is GNOME 3 in the fifth position at 14.1 %?
19 hours 49 min ago
- Sublime Is Brilliant!
1 day 52 min ago