Set up Port-Knocking

The installation of the port knocking daemon is quite simple:

sudo apt-get install knockd

To start the knockd daemon automatically at boot, uncomment (or set) START_KNOCKD=1 in /etc/default/knockd.

Configuration:

Edit the config file /etc/knockd.conf:

[options]
   logfile = /var/log/knockd.log
[openSSH]
   sequence    = 7000,8000,9000
   seq_timeout = 5
   command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 --syn -j ACCEPT
   tcpflags    = syn
[closeSSH]
   sequence    = 9000,8000,7000
   seq_timeout = 5
   command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 --syn -j ACCEPT
   tcpflags    = syn

To open the port, run on the client side:

knock -v 10.0.0.42 7000 8000 9000

Making sure knockd is running (you can run this every 10 minutes via cron, for example):

#!/bin/sh
# Restart knockd if no process by that name is running.
pid=$(/bin/pidof knockd)
if [ -z "$pid" ] ; then
  echo "Starting knockd again."
  sudo service knockd restart
fi
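The logfile set in the [options] section above is the place to look for clients that probe the knock ports without ever completing the sequence. The following is an added example (not from the original page or from the knockd project): a few POSIX shell functions that summarise such a log. The sample log lines are constructed, and the line format is an assumption modelled on knockd's own messages ("Stage N" per matched port, "OPEN SESAME" when a sequence completes, "sequence timeout" when it expires); check the format against your own /var/log/knockd.log before relying on the patterns.

```shell
#!/bin/sh
# Added example, not part of the original page or of knockd itself.
# Assumed log format: "[date time] <ip>: <rule>: <message>".
# The sample below is constructed.

KNOCK_SAMPLE="$(mktemp)"
cat > "$KNOCK_SAMPLE" <<'EOF'
[2024-03-01 10:00] 10.0.0.5: openSSH: Stage 1
[2024-03-01 10:00] 10.0.0.5: openSSH: Stage 2
[2024-03-01 10:00] 10.0.0.5: openSSH: Stage 3
[2024-03-01 10:00] 10.0.0.5: openSSH: OPEN SESAME
[2024-03-01 10:00] 10.0.0.5: openSSH: running command: /sbin/iptables -I INPUT -s 10.0.0.5 -p tcp --dport 22 --syn -j ACCEPT
[2024-03-01 10:05] 198.51.100.7: openSSH: Stage 1
[2024-03-01 10:05] 198.51.100.7: openSSH: sequence timeout (stage 1)
[2024-03-01 10:06] 198.51.100.7: openSSH: Stage 1
[2024-03-01 10:06] 198.51.100.7: openSSH: sequence timeout (stage 1)
[2024-03-01 10:07] 198.51.100.7: openSSH: Stage 1
[2024-03-01 10:07] 198.51.100.7: openSSH: sequence timeout (stage 1)
[2024-03-01 10:09] 10.0.0.5: closeSSH: OPEN SESAME
EOF

# Number of completed sequences for one rule name (e.g. openSSH).
# "|| true" keeps the printed 0 when grep finds nothing.
completed_count() {  # $1 = logfile, $2 = rule name
  grep -c "$2: OPEN SESAME" "$1" || true
}

# Number of sequences that timed out before completing, for one rule.
timeout_count() {  # $1 = logfile, $2 = rule name
  grep -c "$2: sequence timeout" "$1" || true
}

# Source IPs that timed out at least $3 times on rule $2. A client that
# keeps hitting the first port but never finishes is a likely probe.
suspicious_ips() {  # $1 = logfile, $2 = rule name, $3 = threshold
  grep "$2: sequence timeout" "$1" \
    | awk -v t="$3" '{ ip = $3; sub(/:$/, "", ip); n[ip]++ }
                     END { for (i in n) if (n[i] >= t) print i }' \
    | sort
}

# Usage: print a short report for the openSSH rule.
echo "openSSH completed: $(completed_count "$KNOCK_SAMPLE" openSSH)"
echo "openSSH timeouts:  $(timeout_count "$KNOCK_SAMPLE" openSSH)"
echo "probing IPs (>=3 timeouts):"
suspicious_ips "$KNOCK_SAMPLE" openSSH 3
```

Point the functions at /var/log/knockd.log instead of the temporary sample to run this against a real host; IPs that show up repeatedly with timeouts are candidates for a firewall block, while a completed openSSH that is never followed by closeSSH means the rule inserted by the command in the config is still in place.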

Port-knocking client on Windows

Get the native Win32 client from http://www.zeroflux.org/projects/knock. Unzip it and run the following command:

knock -v 10.0.0.42 7000 8000 9000
