Set up Port-Knocking

2009-02-18 10:18 | Category: Ubuntu 8.10 | Tags: network setup, Security, System Administration

The installation of the port knocking daemon is quite simple:

sudo apt-get install knockd

To start the knockd daemon automatically: uncomment START_KNOCKD=1 in /etc/default/knockd.

Configuration:

Edit the config file /etc/knockd.conf:

[options]
   logfile = /var/log/knockd.log
[openSSH]
   sequence    = 7000,8000,9000
   seq_timeout = 5
   command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 --syn -j ACCEPT
   tcpflags    = syn
[closeSSH]
   sequence    = 9000,8000,7000
   seq_timeout = 5
   command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 --syn -j ACCEPT
   tcpflags    = syn

to open the port run (on the client side):

knock -v 10.0.0.42 7000 8000 9000

Making sure, knockd is running (you can do this every 10 minutes via cron etc.):

pid=`/bin/pidof knockd`
if [ "$pid" == "" ] ; then
  echo "Starting knockd again.";
  sudo service knockd restart
fi

port knocking client on windows

Get Native Win32 Client from http://www.zeroflux.org/projects/knock. Unzip and execute the following command:

knock -v 10.0.0.42 7000 8000 9000

Resources

https://help.ubuntu.com/community/PortKnocking
http://www.linux-magazin.de/heft_abo/ausgaben/2008/08/klopffest (German)
Alternative Single Packet Authorization
Other related stuff:
- http://www.fail2ban.org / http://packages.ubuntu.com/fail2ban

Set up Port-Knocking

port knocking client on windows

Resources

Comments