Port collision (port knocking) technology is a good way to manage remotely

Source: Internet
Author: User
Tags: ftp, port number, firewall

Port collision technology (port knocking):

From a security management perspective, the more service ports a system has open, the less safe it is; as the saying goes, "an open spear is easy to dodge, a hidden arrow is hard to guard against." So the most common step in a "system security hardening" service is to close the ports that are not needed and then apply access control to the ports that still provide services. People who manage and maintain systems remotely, however, often need several service ports open, such as FTP and SSH. These services use well-known ports, and leaving them open for a long time is frequently a "serious" security risk. What is wanted is to open a service only when it is needed, to provide it only to specific people, and to close the port again as soon as the service is finished, so that an attacker cannot make use of this "security risk". Port knocking offers a fairly ideal solution to exactly this problem.

Port knocking is a technique in which a serving device opens an agreed service port and provides service only after the user has "knocked" in an agreed sequence. A knock sequence consists of a series of attempts to reach closed ports on the system, that is, connection requests to particular ports.

In other words, implementing port knocking is simple:

1. Opening a fixed service port.

Suppose the server is configured so that, after it receives connection attempts to ports 2048, 2049, 2055 and 2058, in that order, from the same user, it opens TCP service port 28, on which the user can then work remotely, and automatically shuts the service port when the connection ends. For a firewall or other gateway-class device, once it has intercepted the knock sequence it adds a rule to its access list that lets that user's TCP/28 packets through, so the connection can pass the firewall. After it receives the connection shutdown command, it removes the rule and restores the denial of service for that port.

2. Dynamically opening a service port.

If port knocking is to open more than one service port, or a dynamic service port, the server's knock sequence can be designed so that one position in the sequence "specifies" the port: the knock at that position "tells" the server which service port to open. If the rule is, say, that the last port of the sequence minus 2000 gives the service port, then the knock sequence 2048, 2049, 2055, 2058, 2443 opens service port 443.

Port knocking is not complicated. From the user's point of view it adds one more layer of "password" verification before the normal connection is established; a small tool can automate the knocking, so the knock sequence is typed in order like a password and the user can then work directly. It can be implemented not only on the firewall (in which case the service port on the server itself can stay open by default) but also directly on the server. The implementing device keeps a matching buffer pool and tracks each user (by source IP) who has entered matching with a state machine: the first packet that matches the first port of the sequence starts the state machine, each later packet from that user is matched against the sequence, each match advances to the next state, and this continues until the whole sequence has matched; if any packet does not match, the state machine returns to its initial state.
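The state machine just described, as an added example that is not code from the article. It keeps one matching state per source IP, advances one state per correct knock, resets to the initial state on any wrong knock, and covers both cases above: the fixed-port case (the article's sequence 2048, 2049, 2055, 2058 releasing TCP port 28) and the dynamic case (a fifth knock whose port minus 2000 names the service port, so 2443 releases 443). The class and function names and the probe streams fed to it are constructed here and are not from the page.

```python
"""Added example: a per-source port-knocking matcher (the article's state machine).

The knock prefix, the service port 28 and the 'last knock minus 2000' rule come
from the article; the names below and the simulated probe lists are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

KNOCK_PREFIX: List[int] = [2048, 2049, 2055, 2058]  # knock sequence from the article
FIXED_SERVICE_PORT = 28                               # article's fixed-port case
DYNAMIC_OFFSET = 2000                                 # article's dynamic rule: last knock - 2000


@dataclass
class KnockState:
    """Matching progress of one source IP: index of the next expected knock."""
    position: int = 0


class KnockTracker:
    """Tracks knock sequences per source IP, as a firewall or server daemon would."""

    def __init__(self, prefix: List[int], dynamic: bool = False,
                 fixed_port: int = FIXED_SERVICE_PORT) -> None:
        if not prefix:
            raise ValueError("knock prefix must not be empty")
        self.prefix = prefix
        self.dynamic = dynamic          # True: one extra knock names the service port
        self.fixed_port = fixed_port
        self.states: Dict[str, KnockState] = {}   # the 'matching buffer pool'
        self.allowed: Dict[str, int] = {}         # src -> service port currently released

    def observe(self, src: str, dst_port: int) -> Optional[int]:
        """Feed one probe to a closed port. Returns the service port to release
        when this probe completes the sequence for src, otherwise None."""
        state = self.states.setdefault(src, KnockState())
        if state.position < len(self.prefix):
            if dst_port != self.prefix[state.position]:
                state.position = 0      # wrong knock: back to the initial state
                return None
            state.position += 1         # one more step of the sequence matched
            if self.dynamic or state.position < len(self.prefix):
                return None             # prefix incomplete, or still waiting for the port knock
            state.position = 0          # full fixed sequence matched
            return self._release(src, self.fixed_port)
        # Dynamic mode: prefix complete, this knock encodes the service port.
        state.position = 0
        service = dst_port - DYNAMIC_OFFSET
        if 1 <= service <= 65535:
            return self._release(src, service)
        return None                     # encodes no valid port: treat as a failed knock

    def _release(self, src: str, port: int) -> int:
        self.allowed[src] = port        # the firewall would add an accept rule here
        return port

    def is_allowed(self, src: str, dst_port: int) -> bool:
        """Would a connection from src to dst_port pass right now?"""
        return self.allowed.get(src) == dst_port

    def close(self, src: str) -> None:
        """Connection finished: remove the rule and deny the port again."""
        self.allowed.pop(src, None)


def run_probes(tracker: KnockTracker, probes: Iterable[Tuple[str, int]]) -> List[int]:
    """Feed (src, dst_port) probes in order; return every service port released."""
    released: List[int] = []
    for src, port in probes:
        opened = tracker.observe(src, port)
        if opened is not None:
            released.append(opened)
    return released


def demo() -> Dict[str, List[int]]:
    """Constructed probe streams: an admin knocking correctly, a sequential port
    scanner sweeping 2040..2060, and an admin using the dynamic rule."""
    admin = [("198.51.100.7", p) for p in KNOCK_PREFIX]
    # The sweep hits 2048 and 2049 in order, then 2050 resets the match,
    # so the scanner never reaches 2055 and nothing is released for it.
    scanner = [("203.0.113.9", p) for p in range(2040, 2061)]
    fixed = KnockTracker(KNOCK_PREFIX)
    dynamic = KnockTracker(KNOCK_PREFIX, dynamic=True)
    return {
        "fixed": run_probes(fixed, admin + scanner),                                  # [28]
        "dynamic": run_probes(dynamic, [("198.51.100.7", p) for p in KNOCK_PREFIX + [2443]]),  # [443]
    }


if __name__ == "__main__":
    print(demo())
```

The tracker deliberately does not answer probes at all, which matches the text's point that the device's (absent) response never tells a scanner how far its guess has progressed; the only observable effect is that a later connection to the released port from the same source is accepted, and `close()` is what the firewall variant calls when the session ends.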

Security of port knocking:

Since port knocking is not difficult to implement, and it is very convenient for opening "special" services for staff (it suits services with few users; it is clearly unsuitable for a function used by a large number of users), the question that remains is whether it is secure.

"Password" protection has two kinds of "natural enemies". The first is the simple password, which is easy to guess, because account names are generally not secret and some systems even ship with default privileged administrative accounts, so such passwords are easy to crack. The second is brute force: the time needed to crack a 128-bit password has now been shortened to the order of hours, so most cryptographic protection responds by increasing the length and the number of combinations.

Port knocking uses a combination of port numbers, somewhat like a password, but with important differences. First, the port sequence itself carries no meaning and is chosen by the user, so it is not easy to guess; there are theoretically more than 60,000 port numbers, any port without an open service can be used for knocking, and the number of combinations is very large. Second, the length of the knock sequence is not fixed, which gives scanning-type cracking tools a real "headache", because they cannot know when to stop guessing. Third, and most importantly, a knock can be sent in the same form as the first packet of an ordinary connection, or in a different form, such as a specially marked SYN packet. Knocking probes ports on which the server has no open service, and the server's reply (often there is none, since the probes are ignored) gives no indication of whether a match is in progress. Even if a scanner is lucky enough to find the knock sequence, its next packet must be the one that starts the real connection, and if it chooses wrongly the "match" is immediately reset to "zero". The technique's resistance to scanning is therefore very strong.

Extensions of port knocking:

Port knocking is an ideal fit for remote device management, which is used infrequently but carries a large threat if left open, and is also the function that network maintenance staff need most. It is also a good choice for remote access to certain confidential documents: an FTP service can add a dynamic sharing function for confidential files where the "knock" is no longer a port sequence but a special sequence of ordinary FTP commands; when the sequence matches, a confidential-document download function is temporarily opened for that user and can be cancelled immediately after use.
