January 08, 2008

Port shimmering: a new way to hide valuable ports in plain sight shimmer is a pair of small programs (a client and a server) that provide an alternative to port knocking program such as tumbler and are used to hide a valuable port (such as a hidden web server or SSH) on a public IP address.

shimmer works by cryptographically changing a set of 16 ports (one of which forwards to the real service, and 15 others that lead to a trap to blacklist attackers). The 16 ports change every minute frustrating an attacker, but a legimitate user with access to a secret shared between the client and server can determine the real port, avoid blacklisting, and get a connection. Useful for some, totally incomprehensible for others.

posted by Spock 16 years ago
  • This is interesting, thanks.
  • *taps babel fish* No, still nothing... arf, I slay me
  • The wife and I often moor the yacht at Port Shimmering during our summer cruising. Colonel Bufton-Tufton's villa commands a splendid prospect of the bay, the sunlight dancing on the water just so as one sips one's Pimms on the terrace, served by one of the guttural and strangely hirsute native maidens. All right, I admit, these are uncharted waters for me too.
  • I find that native maidens from gutters to be the best kind.
  • I ain't dirty! I washed me face and hands before I come, I did.
  • Seriously?
  • We can't even have a technical thread on programming over here without it descending into filth. We are fucking vulgarians. /hangs head in shame for about .03 of a second then /distracted by shiny breasts
  • I keep my port in the sideboard.
  • Wasn't Port Shimmering the sequel to Cape Fear? The one with Gary Busey and Chazz Palmintieri?
  • I thought it was a gay sex act.
  • You would know.
  • Zing!
  • This place is a den of iniquity. This is why we can't have nice things.
  • My port. It shimmers.
  • My starboard, not so much.
  • /stern glare
  • /deep bow
  • Yes, but can you snork with a neti port?
  • These puns are keeling me.
  • I seriously doubt your commitment to sparklemotion.
  • It's good to see we've still got the old rap-port.
  • Ba-boom-boom!
  • Props to you all!
  • I saw the GaySexAct beacon blazing over Gotham and raced to the thread.
  • so, an exciting act of pointless security by obscurity. Not to mention that by forwarding the port it removes any logging/filtering/interface specific rules that the daemon would normally apply since it sees all connections as originating from localhost. Even more useless than port knocking which has an n-byte (n being the number of ports to knock) password, this one only has a 4-bit password.
  • Interesting concept, though. And it's not just security by obscurity -- there's an auto blacklist feature for attackers who hit the other 15 ports. I also seriously doubt this comprises his entire server security strategy. I love that he calls it "Cryptographically Constantly Changing Port Opening or C3PO." Also, penis nipples fart.
  • *confused High Court judge face*
  • Spock, I apologize for not being smart enough to get what I should have out of your post. I'm sure the more technically-inclined monkeys are, though, while I act the merry Andrew. *cavorts*
  • I'm not sorry, and I'd do it again in an instant, I tell you!!!
  • He would, you know. We've all seen him.