Port collision technology makes open ports more secure

xiaoxiao2021-03-05  25

Every port left open on a firewall or router is a security risk. One answer to this is a technique called "port knocking", rendered here as port collision. Port collision allows access to a firewall-protected service only after a pre-configured "collision" (knock) has been performed. The collision consists of a sequence of connection attempts to ports on the system. These attempts are either written to a log or captured by a background process; that log or process is monitored against the pre-configured sequence, and if the attempts match the preset sequence, the corresponding port is opened.

In this way a port is opened only when it is needed, which is a real technical advantage: an attacker cannot remotely exploit a service whose port is closed. For example, leaving SSH open on a public server is convenient for remote administration, but it also lets anyone attempt to reach the system. You can of course restrict that port to a range of IP addresses, but that still leaves both a security problem and an accessibility problem. Port collision addresses both: most of the time the port is closed, yet anyone who knows the method can open it from anywhere.

Overview

Because well-known services have had their share of security problems, most compromises come from the external network. FTP and SSH use ports that everyone knows, so these services have always been the target of a variety of attack methods. In most cases these services are used by internal users, so internal users are the main candidates for port collision.

Obviously, for services that must be reachable by everyone, such as HTTP and SMTP, port collision is not suitable, because web and mail services have to accept connections from anywhere. For all other services, however, the best practice is to close every port that is not strictly required. As a result, a very useful service such as SSH often has to be closed for security reasons.

This is where port collision is most useful. First, a probe does not even find a server there: the firewall software rejects every port scan and every direct connection attempt. Second, by choosing a series of non-consecutive port numbers (introduced below), you reduce the risk further, because a standard port scanner is very unlikely to produce the correct collision sequence. With this method, remote access is preserved while security stays high.

You may ask yourself why you would need this. In fact, you may not need it. The technique only adds to the security of the existing network by placing an extra security layer between potential attackers and the services that need protection. If a remote user does not know that the server is listening on a particular port, the number of attempts made against that port drops sharply. Furthermore, remote users are unlikely to determine that the server uses port collision at all, so they are unlikely to try brute-forcing the correct sequence.

Port collision in detail

Port collision can be configured in different ways. A static port sequence can be used to authorize access. For example, the server can be set up so that TCP port 22 is opened after it receives connection attempts to ports 20333, 3022, 6712, 4998 and 4113, in that order. If the server receives an incorrect sequence, it closes the port, or it closes the port again when a timer expires. A background process monitors the firewall log; once it has seen these rejected attempts in the right order, it adds a new firewall rule that opens the required port and authorizes the user to access it.

Dynamic configuration can also be used to open the port. First you create a pool of ports; in this article's example we use ports 1040 to 1049. After providing a start sequence, for example 1042, 1044, 1043, you then provide the server with the information about which port you want opened. So after the sequence 1042, 1044, 1043, you let the server know that you want it to open port 443. This design adds flexibility: the necessary ports on different servers can be opened without a static configuration.
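As an added example (not code from the original article), here is the decision logic a log-monitoring knock daemon would apply to implement both the static sequence above and the dynamic pool. The log line format, the 10-second knock window, the 30-second close timer, the encoding of the target port as five zero-padded digits on ports 1040..1049, and recording an "open" instead of inserting a real firewall rule are all assumptions of this example.

```python
STATIC_SEQ = [20333, 3022, 6712, 4998, 4113]   # static knock -> opens TCP 22
DYN_START = [1042, 1044, 1043]     # dynamic knock prefix, then target-port digits
DYN_POOL = range(1040, 1050)       # ports 1040..1049 stand for digits 0..9
DYN_DIGITS = 5                     # assumed: target port as 5 zero-padded digits
KNOCK_WINDOW = 10.0                # assumed: max seconds between two knocks
OPEN_DURATION = 30.0               # assumed: timer after which the port closes again

class KnockTracker:
    def __init__(self):
        self.seq = {}          # src ip -> knocks seen so far
        self.last = {}         # src ip -> time of its last knock
        self.open_until = {}   # (src ip, port) -> expiry time

    def _open(self, ts, src, port):
        self.open_until[(src, port)] = ts + OPEN_DURATION  # real daemon: add fw rule
        return (src, port)

    def is_open(self, ts, src, port):
        return ts < self.open_until.get((src, port), 0.0)

    def knock(self, ts, src, port):
        """Record one rejected attempt; return (src, port) if a port was opened."""
        if ts - self.last.get(src, ts) > KNOCK_WINDOW:
            self.seq[src] = []                     # stale partial sequence
        self.last[src] = ts
        seq = self.seq.setdefault(src, [])
        seq.append(port)
        if seq == STATIC_SEQ:
            self.seq[src] = []
            return self._open(ts, src, 22)
        if STATIC_SEQ[:len(seq)] == seq or DYN_START[:len(seq)] == seq:
            return None                            # valid prefix, keep waiting
        n = len(DYN_START)
        if seq[:n] == DYN_START and all(p in DYN_POOL for p in seq[n:]):
            if len(seq) < n + DYN_DIGITS:
                return None                        # still collecting digits
            target = int("".join(str(p - 1040) for p in seq[n:]))
            self.seq[src] = []
            return self._open(ts, src, target) if 0 < target < 65536 else None
        # Wrong knock: discard progress and close anything this source opened.
        self.open_until = {k: v for k, v in self.open_until.items() if k[0] != src}
        self.seq[src] = [port] if port in (STATIC_SEQ[0], DYN_START[0]) else []
        return None

def process_log(lines):
    # Constructed log format: "<ts> DROP <src ip> <dst port>"; returns ports opened.
    tracker, opened = KnockTracker(), []
    for line in lines:
        ts, action, src, dport = line.split()
        hit = tracker.knock(float(ts), src, int(dport)) if action == "DROP" else None
        if hit: opened.append(hit)
    return opened
```

A scanner walking the pool 1040..1049 in order never completes either sequence, and a knock that arrives after the window or out of order also closes whatever that source had opened.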

Please credit the original source when reprinting: https://www.9cbs.com/read-32162.html